US11074349B2 - Apparatus with anticounterfeiting measures - Google Patents
Apparatus with anticounterfeiting measures Download PDFInfo
- Publication number
- US11074349B2 US11074349B2 US16/240,671 US201916240671A US11074349B2 US 11074349 B2 US11074349 B2 US 11074349B2 US 201916240671 A US201916240671 A US 201916240671A US 11074349 B2 US11074349 B2 US 11074349B2
- Authority
- US
- United States
- Prior art keywords
- key
- validator
- path
- value
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1408—Protection against unauthorised use of memory or access to memory by using cryptography
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/556—Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/76—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in application-specific integrated circuits [ASIC] or field-programmable devices, e.g. field-programmable gate arrays [FPGA] or programmable logic devices [PLD]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/71—Version control; Configuration management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44505—Configuring for program initiating, e.g. using registry, configuration files
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
- H04L9/003—Countermeasures against attacks on cryptographic mechanisms for power analysis, e.g. differential power analysis [DPA] or simple power analysis [SPA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
- H04L9/16—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/75—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation
- G06F21/755—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by inhibiting the analysis of circuitry or operation with measures against power attack
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2212/00—Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
- G06F2212/40—Specific encoding of data in memory or cache
- G06F2212/402—Encrypted data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2125—Just-in-time application of countermeasures, e.g., on-the-fly decryption, just-in-time obfuscation or de-obfuscation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2145—Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/24—Key scheduling, i.e. generating round keys or sub-keys for block encryption
-
- H04L2209/38—
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/061—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying further key derivation, e.g. deriving traffic keys from a pair-wise master key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
Definitions
- This patent relates to techniques for processing encrypted data inputs, and more specifically, to protecting such systems and data against external monitoring attacks.
- U.S. Pat. No. 6,539,092 entitled “Leak-Resistant Cryptographic Indexed Key Update,” provides methods for converting a shared master key and an index value (e.g., a counter) into a transaction key, where the derivation is protected against external monitoring attacks.
- an index value e.g., a counter
- Those methods work well in applications where the device(s) being protected against external monitoring attacks can contribute to the derivation of the transaction key.
- the '092 patent describes how a smartcard can maintain an index counter which increments with each transaction, then use the index counter in the key derivation.
- an attacker can potentially supply the decryption device with tampered data sets, then attempt to recover the secret key by monitoring external characteristics while the device processes (e.g., decrypts, etc.) these ciphertexts.
- Statistical side channel attacks such as differential power analysis (DPA), can deduce a secret key from a set of measurements collected when a device uses the same key repeatedly to operate on different input values (such as the different firmware ciphertexts or tampered versions of the same firmware ciphertexts in the foregoing examples).
- DPA differential power analysis
- Measurements from a single long message e.g., comprising many block cipher inputs
- a collection of legitimate messages such as multiple firmware versions
- Lock-out mechanisms introduce numerous practical problems, however, such as reliability concerns and the difficulties associated with storing a failure counter (e.g., many semiconductor manufacturing processes lack secure on-chip nonvolatile storage, and off-chip storage is difficult to secure).
- This patent describes ways to secure devices which utilize secret cryptographic keys against external monitoring attacks, as well as to provide improved security against conventional cryptanalysis and other attacks (such as DPA and other forms of external monitoring attacks) which gather information correlated to the device's internal operations.
- Conventional cryptanalysis and other attacks such as DPA and other forms of external monitoring attacks
- each set of data to be encrypted is associated with a message identifier (such as a transaction/message counter, a hash of the plaintext, a random value, or another unique or semi-unique value).
- the encryption device derives a message key using the message identifier and an initial secret internal state that is shared with the decryption device(s).
- This derivation is performed in an iterative manner through a succession of one or more intermediate keys, starting from at least a portion of the shared secret internal state and leading up to the message key, where, in each iteration, the next key depends on at least one prior key and at least a portion of the message identifier.
- the plaintext may be decomposed into one or more segments. Each plaintext segment is encrypted with one or more secret keys that can include the message key, or keys further derived from the message key, to create the corresponding encrypted segment. Typically, a different key (or a different set of keys) is used for each segment.
- the encrypting device uses a secret key shared with the decrypting device (such as the message key, the secret internal secret, a different key, keys derived from the foregoing, etc.) to compute at least one validator.
- a secret key shared with the decrypting device such as the message key, the secret internal secret, a different key, keys derived from the foregoing, etc.
- Derivation of the validator may be performed using an iterative process similar to that used to produce the message key, whereby a sequence of transformations are applied to the secret key to produce successive values (for example, where the generation of each intermediate includes hashing its parent value).
- the encrypting device outputs the one or more encrypted segments and one or more validators. Additional information may also be output as needed to enable the recipient to determine the message identifier.
- a decrypting device receives the one or more encrypted segments, one or more validator(s), and the message identifier corresponding to the encrypted segment(s). It then uses one or more validators to verify that at least the first encrypted segment to be decrypted has not been modified. Verification of the validator may include computing a sequence of successive intermediate values, starting with a secret shared with the encrypting device and where each intermediate is the hash of its parent (and the specific hash operation depends on a portion of the hash of said encrypted segment(s)). Typically, the decryption process for an encrypted segment is only permitted to proceed if it is verified that the segment is not modified.
- the decrypting device computes the message key (if not already derived), using the secret internal state that it shares with the encryption devices, by following the same iterative key derivation process followed by the encrypting device (i.e., starting from at least a portion of the shared secret internal state, leading to the final message key, through a sequence of intermediate keys, where at each step the next key depends on at least a portion of the message identifier and at least one prior key).
- Each encrypted segment (if determined to be unmodified) is decrypted with the one or more corresponding secret keys derived from the message key to recover the corresponding plaintext segment.
- FIG. 1 shows an exemplary embodiment of the overall process for verifiable, leak-resistant encryption using key and ciphertext hash chaining.
- FIG. 2 shows an exemplary embodiment of a leak resistant, key-tree-based key derivation process starting from a shared cryptographic secret, KSTART, and continuing through a path P1 . . . PQ.
- the key derivation process of FIG. 2 is usable in connection with the first exemplary encryption process of FIGS. 1 & 3 and the first exemplary decryption process of FIG. 4 . It is also usable in connection with the other exemplary encryption processes of FIGS. 5, 11 & 13 , and the other exemplary decryption processes of FIGS. 6, 12 & 14 .
- FIG. 3 shows an exemplary embodiment of a leak-resistant key and ciphertext hash chaining process for encryption (e.g., comprising part of the overall encryption process shown in FIG. 1 ).
- FIG. 4 shows an exemplary embodiment of a verifiable, leak-resistant decryption process using key and ciphertext hash chaining corresponding to the encryption process of FIG. 1 (and FIG. 3 ).
- FIG. 5 shows an exemplary embodiment of a process for verifiable, leak-resistant encryption using key and plaintext hash chaining.
- FIG. 6 shows an exemplary embodiment of a process for verifiable, leak-resistant decryption using key and plaintext hash chaining corresponding to the encryption process of FIG. 5 .
- FIG. 7 shows an environment in which verifiable, leak-resistant cryptographic operations are used for loading firmware onto a system on a chip.
- FIG. 8 shows an environment in which verifiable, leak-resistant cryptographic operations are used within a secure CPU chip, where external memory such as flash and/or RAM is untrusted.
- FIG. 9 shows an environment in which verifiable, leak-resistant cryptographic operations are used for loading a bitstream image on to a field programmable gate array.
- FIG. 10 shows an environment in which verifiable, leak-resistant cryptographic operations are used in a packet based network communication device.
- FIG. 11 shows an exemplary embodiment of a process for verifiable packet-level leak-resistant encryption that can be used with the environment described in FIG. 10 , as well as in other embodiments.
- FIG. 12 shows an exemplary embodiment of a process for verifiable packet-level leak-resistant decryption corresponding to the encryption process described in FIG. 11 .
- FIG. 13 shows an exemplary embodiment of an exemplary ENC( ) operation, using cipher block chaining (CBC) with intra-segment key changes.
- CBC cipher block chaining
- FIG. 14 shows an exemplary embodiment of an exemplary DEC( ) operation, using cipher block chaining (CBC) with intra-segment key changes, corresponding to the encryption operation of FIG. 13 .
- CBC cipher block chaining
- the techniques described in this patent enable parties to communicate cryptographically-protected sensitive data with increased security against external monitoring attacks.
- exemplary embodiments are described involving two parties, typically referred to as an “encrypting device” and a “decrypting device”, the term “device” is chosen for convenience and need not necessarily correspond directly to any particular role in a system design.
- the devices may, but are not required to, utilize different form factors or implementations.
- the encrypting and decrypting devices could both be portable hardware devices.
- the encrypting device could be a software application running on a server operating in a facility, while the decrypting device could be a portable hardware device (or vice versa).
- Entropy redistribution operations may be implemented, without limitation, using cryptographic hash functions, operations constructed using block ciphers (such as AES), pseudorandom transformations, pseudorandom permutations, other cryptographic operations, or combinations thereof.
- block ciphers such as AES
- pseudorandom transformations such as AES
- pseudorandom permutations other cryptographic operations, or combinations thereof.
- certain exemplary embodiments are described with respect to a hash, but those skilled in the art will understand that, pursuant to the foregoing, other entropy redistribution functions may also be used instead or in addition.
- entropy redistribution operations can also be constructed from a base operation.
- f0( ) could comprise applying the SHA-256 cryptographic hash function to the operation identifier string “f0” concatenated with the input to f0( )
- f1( ) could comprise applying SHA-256 to the operation identifier string “f1” concatenated with the input to f1( )
- Entropy redistribution operations can be construed using the well-known AES block cipher. For example, to implement f0( ) . . .
- each fi( ) can use its input as an AES-256 key to encrypt a pair of 128-bit input blocks that are unique to the choice of i within 0 . . . b ⁇ 1, yielding 256 bits of output.
- a wide variety of block cipher based hash function and MAC constructions are also known in the background art and may also employed.
- This section describes certain cryptographic value(s) and/or operation(s) shared by both the encryption device, and its corresponding decryption device, used to perform verifiable leak-resistant cryptographic operations as described in this patent.
- the encrypting device and decrypting device are set up so that each has access to a base shared secret cryptographic state value, such as a secret key denoted as KROOT.
- This secret state may, for example, be stored in one or more of EEPROM, flash, fuses, or other storage on a tamper-resistant chip, and may be derived in whole or in part from other values or processes, or may be obtained externally.
- each of these devices obtained KROOT could include, without limitation, each being manufactured with KROOT, the devices negotiating KROOT directly with each other or via third parties (e.g., using protocols utilizing RSA, Diffie-Hellman, or other public key cryptographic techniques, or symmetric techniques), by receiving of KROOT via a physical keying interface, randomly generating KROOT (e.g., if the encrypting and decrypting device are the same), etc.
- the encrypting device and decrypting device also are both able to compute a set of non-linear cryptographic entropy redistribution operations f0( ) f1( ), . . . , fb ⁇ 1( ) where b>1 is a positive integer.
- These b entropy redistribution functions can be configured in a tree structure. For example, a simple b-ary tree structure of height Q (i.e., having Q+1 levels, from 0 through Q) can be created by using b distinct entropy distribution functions, f0( ) . . .
- fb ⁇ 1( ) to represent the b possible branches of this b-ary tree at each node of the tree, each node representing a possible derived key.
- KSTART which is at level 0
- b possible derived keys can be computed at level 1: f0(KSTART) for the leftmost branch; f1(KSTART) for the next branch; and continuing until fb ⁇ 1(KSTART) for the rightmost branch.
- b2 possible keys can be derived, since each of f0( ) . . . fb ⁇ 1( ) could be applied to each of the b possible level 1 keys.
- each possible key i.e., a different node
- the entire key tree has Q+1 levels, starting with a single node at level 0, continuing with bi nodes at level i, and ending with bQ nodes at level Q.
- Each such possible path corresponding to a unique the sequence of functions applied at the different levels, can be represented as a sequence of Q integers, each integer being selected from (0 . . . b ⁇ 1).
- b 2.
- embodiments can involve more variety in the choice of b, such as varying the value of b among levels, and/or varying b based on the route taken to a particular level.
- the entropy redistribution operations can also be varied, such as by making the entropy redistribution operations fi( ) differ at different levels or making these operations depend on the sequence taken to a particular level.
- the encrypting and decrypting devices are also able to perform a cryptographic, non-linear key chaining operation g( ), which may be (but is not necessarily) distinct from the functions fi( ).
- g( ) consists of a cryptographic hash operation.
- Variant embodiments can use different functions for different applications of g( ), including variants constructed from a base function (e.g., by hashing the input data with a counter or another value representing the application of g( )).
- the encrypting device and decrypting device also have a cryptographic, collision-resistant, one-way hash function h( ) (e.g., employed as a segment hashing function), which may be (but is not necessarily) distinct from the operations fi( ) and from g( ).
- h( ) e.g., employed as a segment hashing function
- each of the operations fi( ), g( ), and h( ) is constructed from a common cryptographic hash function by computing each operation as the cryptographic hash of an operation identifier and the input data.
- the operation identifier may, for example, be a zero-terminated string consisting of “f #”, “g” or “h” where # is the value of i for a given fi( ) such that the operation identifier for f0( ) would be “f0”.
- the HMAC of an operation identifier using the input as a key may also be used to implement these operations.
- Hash functions usable with the techniques of this patent include, without limitation, MD5, SHA-1, SHA-256, SHA-512, any SHA3 candidate operation, as well as combinations of the foregoing and constructions using the foregoing (such as HMAC).
- HMAC Hash functions
- each of the functions BLAKE, Blue Midnight Wish, CubeHash, ECHO, Fugue, Grostl, Hamsi, J H, Keccak, LANE, Luffa, Shabal, SHAvite-3, SIMD, and Skein is a “SHA3 candidate operation”.
- the hash function is derived using other well known constructions such as, without limitation, Matyas-Meyer-Oseas, Davies-Meyer, Miyaguchi-Preneel, Merke-Damgard, etc, that convert block ciphers such as AES, DES or other ciphers into a hash function. Transformations that are not collision-resistant (such as MD5, reduced-round variants of hash transformations, or other mixing operations) can also redistribute entropy present in the input, but would be less attractive for use as the one-way function h( ).
- Still other embodiments may utilize stream ciphers, potentially including lightweight and potentially cryptographically weak stream ciphers, in implementing entropy redistribution operations f0 . . . b ⁇ 1( )
- the stream cipher RC4 may be employed, where the entropy redistribution operation input is used as the RC4 key and the RC4 output bytes are used as (or used to form) the entropy redistribution operation output.
- the encrypting device and decrypting device have a secret key encryption function (or set of functions) ENC( ) with a corresponding decryption function DEC( ).
- ENC( ) and DEC( ) may utilize conventional cipher constructions such as AES in ECB or CBC mode. Constructions of ENC( ) and DEC( ) for other embodiments are described later with respect to FIG. 13 and FIG. 14 , respectively.
- This section describes an exemplary embodiment of the general technique for verifiable leak-resistant encryption and decryption.
- This first exemplary embodiment uses key chaining and ciphertext hash chaining.
- the encrypting device Given a sensitive plaintext data message D to be protected, and with knowledge of a shared base secret cryptographic value KROOT, the encrypting device performs the following steps, as outlined in FIG. 1 . First it decomposes the sensitive plaintext data D into a sequence of L segments D1, . . . , DL (step 100 ), where (L. ⁇ 1), each of which is small enough to fit into the memory for incoming segments in the receiver(s). In addition, the size of each of these segments should be sufficiently small to meet the leakage requirements of the application and implementation. The segments can be, but are not necessarily, the same size. In addition, other variants can also support segments of unlimited size by changing keys (e.g., within ENC( ) and DEC( ) as will be shown below with respect to FIGS. 13 and 14 .
- the encrypting device also generates (step 101 ) a nonce N which (as will be shown below) may be used as a message identifier (or a precursor thereto) for use in connection with the encryption of D.
- the nonce could be generated using a true random number generator, a pseudorandom number generator, some combination of true and pseudorandom number generators, a counter value or other (preferably unique or seldom-repeating) parameter, or by deriving N from keys and/or data (including without limitation D, e.g., by setting N to the hash of part or all of D) available to the encryption device.
- the value of N used to encrypt a particular message is preferably not used to encrypt any other message (or if so, any reuse should be limited, unlikely and/or infrequent).
- a message identifier H1 is formed using nonce N.
- N serves as the message identifier
- H1 may simply equal N.
- the encrypting device could compute H1 (step 102 ) as the hash of N using the function h( ). Hashing is useful in situations where one wishes to produce a fixed-size message identifier, for example, to permit the incorporation of longer data values (such as text strings) while operating on shorter quantities for computational efficiency, or to convert variable-length data values to a uniform length message identifier for computational simplicity, or to reduce any ability adversaries may have to influence the selection of H1.
- hashing is only one way to produce the message identifier, and those skilled in the art will appreciate that functions other than h may be employed to produce H1.
- the encrypting device After computing H1, the encrypting device computes a message key, KMESSAGE, using the shared base secret cryptographic value KROOT and H1 ( 103 ) as input to a leak resistant, key-tree-based key derivation process.
- the key derivation process is presented here in the context of encryption (e.g., performed by the encrypting device), and more specifically, in the context of the first exemplary encryption process of FIG. 1 .
- the same key derivation process will also be used in the first exemplary decryption process of FIG. 4 , in which case it will be performed by the decrypting device.
- the key derivation process will also be used in connection with other processes, including the exemplary encryption processes of FIGS. 5, 11 & 13 , and the exemplary decryption processes of FIGS. 6, 12 & 14 .
- KSTART is the value of the shared secret key KROOT and path P1 . . . PQ ( 202 ) is determined by H1.
- H1 The conversion of H1 into P1 . . . PQ is discussed below.
- the path specifies a succession of entropy redistribution operations to be applied to KSTART.
- message identifier H1 is decomposed into Q parts P1, P2, . . . , PQ.
- each Pi is a single bit (0 or 1).
- the path parts P1 . . . PQ can be used to specify a specific path from KSTART to KSTART,PATH by applying functions f0( ) f1( ) . . .
- fb ⁇ 1( ) to produce a plurality of intermediate keys leading to KSTART,PATH as follows.
- the function fP1 is applied to KSTART ( 203 ) to yield an intermediate key KSTART,P1, followed by the application of fP2 on KSTART,P1 to yield the intermediate key KSTART,P1,P2 ( 204 ) and so on, until the final application of fPQ on the intermediate key KSTART, P1, P2, . . . , PQ ⁇ 1 ( 205 ) to yield the final derived key, KSTART, P1, P2, . . . , PQ ( 206 ).
- each intermediate key depends on at least one predecessor key (e.g., in the case of FIG. 2 , its immediate parent) and the relevant portion of the message identifier.
- this final derived key With the notation KSTART,PATH (indicating the key that was reached by starting with KSTART and following PATH).
- the final derived key (the message key which is assigned to KMESSAGE) is denoted KROOT,H1 since the starting key is in fact KROOT, and the path is in fact P1, P2, . . . , PQ which is simply the decomposition of H1.
- KROOT,H1 since the starting key is in fact KROOT
- PQ which is simply the decomposition of H1.
- KMESSAGE may be derived from KROOT,H1, e.g., by hashing KROOT,H1. Either way, KMESSAGE is based on KROOT,H1.
- An exemplary embodiment for step 104 is shown in FIG. 3 , which depicts the steps and states involved in computing the encrypted segments E1, . . . , EL.
- the function g( ) is applied to KMESSAGE to yield K1 ( 302 ), the encryption key to be used for the first segment.
- the function g( ) is applied to the key K1 to yield K2, the encryption key for the second segment ( 303 ), and so on.
- the function g( ) is applied to key KL ⁇ 1 to produce KL the encryption key for the final segment ( 305 ).
- key chaining because the encryption keys are chained to one another.
- the encryption of the segments proceeds as follows.
- the final (L'th) segment is processed first, where the plaintext input ( 306 ) to the ENC( ) function is the L'th data segment DL, concatenated with message integrity value computed by cryptographically hashing the entire plaintext D1 . . . DL.
- the inclusion of the hash of D1 . . . DL is optional; embodiments may omit this, or concatenate other data such as sequence of ‘0’ bytes or some other form of padding).
- This L'th plaintext segment is encrypted by the key KL to yield the encrypted segment EL ( 307 ).
- the L ⁇ 1'th segment is processed at ( 308 ) by applying the hash function h( ) to EL, appending this hash value to data segment DL ⁇ 1, and using the result as the encryption input to the L ⁇ 1'th segment.
- the L ⁇ 1'th plaintext segment is then encrypted using the key KL ⁇ 1 to yield encrypted segment EL ⁇ 1.
- the encryption input ( 310 ) corresponding to the second plaintext segment is composed of the second data segment D2 followed by h(E3), the hash of the third encrypted segment, and input ( 310 ) is then encrypted using the key K2 to yield the encrypted segment E2 ( 311 ).
- the encryption input ( 312 ) corresponding to the first plaintext segment is composed of the first data segment D1 followed by h(E2), the hash of the second encrypted segment ( 311 ), and input ( 311 ) is then encrypted using the key K1 to yield the encrypted segment E1 ( 313 ).
- the subsequent segment hashes do not need to be encrypted, e.g., Ei could be formed by encrypting Di then concatenating the encryption result with the hash of Ei+1.
- each ciphertext segment Ei (1 ⁇ i ⁇ L) depends on the hash of the next ciphertext segment, e.g., a validator V is used to authenticates the hash of the first ciphertext segment (E1), then E1 yields (after decryption to D1 if necessary) the expected hash of E2. Likewise, E2 yields (after decryption if necessary) the hash of segment E3, and so forth.
- KMESSAGE may be used directly as K1, in which case the operation go can be omitted altogether.
- the result of the process E E1, since this is the only segment.
- a validator V is computed that will enable authorized recipients of the encrypted message to authenticate the ciphertext prior to decryption.
- a value H2 is calculated ( 105 ) as the hash of the first encrypted segment E1.
- the hash of E1 actually reflects the contents of all the segments, including segment E1, and can be used to verify that none of the segments has been changed.
- the input to the hash producing H2 may also include additional information about the message, such as the length, version number, sender identity, value of N, etc.).
- V is a validator of the message identifier and ciphertext segment(s) Ei.
- Computation of V may be performed using the leak resistant, key-tree-based key derivation process described in FIG. 2 , with the starting key KSTART being KMESSAGE and the path being determined using H2 ( 106 ).
- the derivation of V includes computing a plurality of successive intermediate values leading to V, where each depends on at least one predecessor (e.g., in the case of FIG. 2 , its parent value) and the relevant portion of the hash (e.g., H2).
- the functions fi( ) the value b, etc. may be (but are not required to be) the same as were used in ( 103 ).
- This process results in the derivation of the key KMESSAGE, H2 which is (or is further processed to form) the validator V.
- the key KMESSAGE at step 104 and the key KMESSAGE at step 106 may be different from each other but both derived from KROOT,H1.
- the key used at step 106 may be derived from the KMESSAGE used at step 104 , or vice versa, or a different base key (besides KROOT) may be employed as KSTART.
- KROOT itself may even be used as KSTART (e.g., if H2 is a hash of N and/or H1 and one or more ciphertext segments).
- the validator is a verifiable cryptographic proof that some putative ciphertext is an unmodified version of an encryption of some plaintext message data associated with a particular message identifier, and was produced by an entity with access to a secret cryptographic value.
- the validator constructed at step 106 can be conveniently validated by a recipient, such as a decryption device, in a manner that avoids susceptibility to differential power analysis and related external monitoring attacks.
- the validator creation process i.e., the performance of step 106
- the encryption process is complete.
- the result is output.
- the output data consists of the information (if any, e.g., nonce N) required to enable a recipient to derive the message identifier, the validator V, and the encrypted result E (comprising encrypted segments E1, . . . , EN).
- this type of encryption process is able to yield cryptographically-strong output with message authentication, while avoiding the re-use of secret keys located in the encrypting device in ways that would facilitate differential power analysis and related attacks against the encrypting device.
- the encryption result is created in a form which enables a decryption device to perform the decryption without re-using secret keys in ways that would facilitate differential power analysis and related attacks against the decryption device.
- the key-tree process limits the re-use of keys in the formation of KMESSAGE and the validator V, while the ciphertext hash chaining method limits the use of keys used in the data encryption.
- the next section explains how the output data can be subsequently decrypted by the decrypting device.
- FIG. 4 shows an exemplary decryption process corresponding to the exemplary encryption process of FIGS. 1 and 3 .
- this requires that both the decryption device and the encryption device have the ability to derive the same message identifier (e.g., because each device knows nonce N it can compute H1), base secret cryptographic value KROOT, cryptographic functions f( ) g( ) and h( ).
- the exemplary decryption process will use the same key derivation process (and key chaining) depicted in FIG. 2 .
- the exemplary decryption process begins at step 400 with obtaining (e.g., over an untrusted digital interface) the putative result of the encryption (namely, the message identifier (e.g., nonce N), the validator V, and the encrypted result E comprising segments E1, . . . , EN).
- the device next computes the value H1 by hashing the received nonce N. Note that, unless the nonce was received incorrectly, the derived H1 will equal the H1 used in the encryption process.
- the decrypting device computes the value H2 by hashing the segment E1 (and, if previously used during the encryption, other information about the message that was incorporated into the derivation of H2).
- the computed value V′ is compared with the received validator V. If the expected validator V′ does not match the provided validator V, the process terminates with an error (step 406 ) since the provided data may have been corrupted or maliciously modified, or some other error has occurred.
- step 407 a counter i is initialized to the value 1
- a key register K is initialized to the result of computing g(KMESSAGE) which is the key for decrypting the first encrypted segment E1 (i.e., the value of K1 which is labeled 302 in FIG. 3 ).
- a variable H is initialized to H2. The following operations are then performed in a loop as shown FIG. 4 . First, the hash of the next ciphertext segment to be decrypted (i.e., h(Ei)) is computed and compared with the expected hash H (step 408 ).
- the process terminates with an error ( 409 ) and no further decryption is performed. If the comparison succeeds at step 408 , the segment Ei is decrypted at step 410 , using the decryption function DEC( ) with the key K to yield the decrypted segment, which is interpreted as containing the plaintext Di followed by the purported hash of the next ciphertext segment. H is set to this purported hash value.
- a check is performed to see if all the L segments have been decrypted (i.e., whether the counter i equals L).
- the expected pad data e.g., the hash of D1 . . . DL
- the decryption process can be done in a streaming manner (i.e., the decryption device could initially obtain N, V and E1 and then receive the remaining segments E2, . . . , EL one at a time), and still be able to carry out the steps outlined above.
- Streaming operation is, for example, useful if the decrypting device lacks sufficient memory to hold the entire message, or if initial portions of the decrypted data need to be available before the all of the data has been received and decrypted.
- This section describes a second exemplary embodiment of the general technique for verifiable leak-resistant encryption and decryption.
- the second exemplary embodiment uses plaintext hash chaining.
- the re-use of keys is controlled at both the encrypting device and the decrypting device to prevent differential power analysis and related attacks.
- the second exemplary embodiment of encryption by the encrypting device is shown in FIG. 5 which, for the sake of conciseness, is depicted as a combined process diagram and state diagram.
- the encrypting device creates or obtains the message to encrypt, D, and a message identifier N, which may be a counter, randomly-generated value, plaintext hash, etc.
- segment B1 ( 501 ) is formed by concatenating message segment D1 with the hash of any desired message data (denoted as X, which may include elements such as length L, message identifier N, a transaction identifier or counter, etc.)
- B2 ( 502 ) is formed by concatenating D2 with h(B1) (i.e., the hash of B1). Each subsequent Bi up to BL ⁇ 1 is then formed by concatenating Di with the hash of Bi ⁇ 1.
- the last plaintext segment BL ( 504 ) is formed by concatenating DL with h(BL ⁇ 1).
- the next steps of the process ( 505 - 508 ) generate encryption keys for each of the plaintext segments using a key chaining process so that, similar to the first exemplary embodiment, each encryption key is directly or indirectly based on the message key.
- Key Ki for i>1 is computed as g(Ki ⁇ 1), where g( ).
- the second key K2 is the result of computing g(K1) ( 506 ). This process is repeated so that the L ⁇ 1'th key (KL ⁇ 1) is computed as g(KL ⁇ 2) ( 507 ), and the final segment key KL is computed as g(KL ⁇ 1)( 508 ).) Thus, every key Ki is based on (e.g., equal to or derived using) the message key KMESSAGE.
- the next step in the process is the encryption of each of the plaintext segments B1, . . . , BL with the corresponding keys K1, . . . , KL to yield the encrypted segments E1, . . . , EL.
- encrypted segment E1 is created by encrypting B1 with K1 ( 509 )
- E2 is created by encrypting B2 with K2 ( 510 )
- EL ⁇ 1 created by encrypting BL ⁇ 1 with KL ⁇ 1 ( 511 )
- EL is created by encrypting BL with KL ( 512 ).
- the encrypted result E consists of the segments E1, . . . , EL.
- the next step in the process is the computation of the validator V for the encryption ( 513 ).
- the hash function h( ) is used to compute h(N ⁇ E1 ⁇ . . . ⁇ EL) ⁇ h(BL)), where “ ⁇ ” denotes concatenation.
- the validator V is then computed as the hash of the key tree result (i.e., h(KROOT,Z)).
- the result of the encryption process is provided, comprising N, h(BL), E, and the validator V ( 514 ).
- the encryption process above can be employed in systems where the input data D arrives by streaming, or where for other reasons D cannot be processed all at once (e.g., because of memory limitations).
- the encrypting device commences by obtaining N, h(X), and K1.
- a running hash computation is initialized with N.
- Receive input data D i (e.g., streaming in)
- the decrypting device receives (typically from an untrusted interface) the purported results of the encryption process, namely E, h(BL), nonce N, and validator V.
- the decrypting device divides E into E1, . . . , EL, initializes a counter i to be 1, and sets a register H to be the received value hash h(BL).
- the length of the message L is also received or determined (e.g., if a segment size of 1 kilobyte is used for all but the last segment, which may be less than 1 kilobyte, then L is the length of the message in kilobytes, rounded up).
- it compares the computed h(KROOT,Z) with the received validator V. If the result does not equal V, there is data corruption and the process is stopped at 611 without performing any decryption.
- the segment Ei is decrypted with the key in key register K to produce a plaintext segment Bi which consists of a data segment Di and a hash value.
- the message portion of Bi i.e., Di
- the output buffer e.g., in RAM
- key register K is advanced to the next segment key by computing g(K) then storing the result in K.
- the counter i is also incremented by 1.
- the value of i is compared with L and, if the value of i does not exceed L, the decryption process loops back to step 630 . Otherwise, the decryption process is complete and at step 670 , where the hash of the last plaintext segment (i.e., h(BL)), is compared to the received hash H. If the comparison at step 670 fails (i.e., the values are not equal), an error has occurred and the decryption fails (step 671 ). Otherwise the result data D1, . . . , DL are output in step 680 .
- the hashes of the plaintext are chained, with plaintext segment Bi containing the hash of the plaintext Bi ⁇ 1.
- This chaining while not strictly necessary for leakage resistance, provides the additional property that any faults that occur during the decryption process can be detected because the plaintext is verified to be that same as what was encrypted.
- this embodiment is advantageous for use in environments where there is potential for corruption the decryption process.
- FIG. 7 shows the application of verifiable leak-resistant cryptography for securely loading sensitive firmware on a central processing unit (CPU), e.g., as part of a so-called system on a chip (SoC).
- CPU central processing unit
- SoC system on a chip
- the reference numerals may refer to steps in a process, and/or to quantities used (or produced) by such process steps.
- the SoC consists of a single integrated circuit ( 700 ), containing a CPU ( 703 ), and various types of memory.
- the memories may include, without limitation, random access memory (RAM) ( 701 ) from which code may be executed, read-only-memory (ROM) ( 704 ) containing trusted bootstrap code, and a secret state storage memory ( 702 ) that holds a shared cryptographic secret KROOT.
- RAM random access memory
- ROM read-only-memory
- secret state storage memory 702
- the key storage memory could be implemented using a variety of techniques, such as, without limitation, fuses/antifuses, battery backed RAM, and EEPROM.
- the SoC may have an external power input ( 707 ) which may receive power from an untrusted source (e.g., potentially under the control and/or observation of adversaries).
- An externally supplied clock ( 708 ) may also be received (and may be used with PLLs to form additional clocks).
- the SoC has a cryptographic hardware component ( 705 ) with an AES engine for data encryption and decryption, a hash function engine, such as, without limitation, a SHA-1 or SHA-256 or a AES based hash function engine, and an implementation of the leak resistant, key-tree-based key derivation process based on FIG. 2 , with functions f0( ) . . . , fb ⁇ 1( ) implemented using the hash function and/or the AES function or their variants.
- the entire functionality of the cryptographic hardware component ( 705 ), or some subset thereof could be performed by in software (e.g., by the CPU).
- the SoC Upon bootstrap from the trusted bootstrap code in ROM, the SoC loads its sensitive software/data, over an untrusted interface ( 706 ), from an external, untrusted storage device, which in this embodiment is flash memory ( 709 ). To protect the sensitive software/data from disclosure or unauthorized modification, it is encrypted using the verifiable leak-resistant techniques (e.g., as shown in FIG. 1 or 5 ) by a device manufacturer or other code issuer using the shared secret cryptographic value KROOT. The encryption result is stored in the flash memory ( 709 ). The SoC first loads the encrypted code/data from the flash memory ( 709 ) to its internal RAM ( 701 ). It then performs the leak resistant decryption (e.g., as shown in FIG.
- security is complemented by storing a minimum acceptable software version number in fuses, battery backed memory, or other local storage of the device onto which the software is to be loaded. All software to be loaded into the device would carry a version number, and the device would only accept software with a version number greater that the minimum.
- some software versions might specifically instruct the SoC to update the minimum acceptable software version number, thereby preventing malicious rollback of software to a prior version that was deemed unacceptable.
- the foregoing anti-rollback methods could be implemented independently of (i.e., as an adjunct to) the verifiable leak-resistant operations. Alternatively, the anti-rollback methods could be implemented as part of the message identifier, the validator, or the other secured quantities used in the verifiable leak-resistant operations.
- SoC applications are not limited to the specific architecture presented herein, and SoCs or other devices with a different internal architecture and/or components from the embodiment presented in FIG. 7 may be protected.
- FIG. 8 shows the application of verifiable leak-resistant cryptography to a secure processor architecture ( 800 ).
- the reference numerals may refer to steps in a process, and/or to quantities used (or produced) by such process steps.
- the device contains a CPU, a keystore that holds internal secret state including a base secret cryptographic key KROOT.
- Nonvolatile storage such as, without limitation, fuses ( 801 ) may be employed for storing the internal secret state.
- the cryptographic hardware subcomponent ( 804 ) encrypts and/or integrity protects and/or replay protects all data moving out of the on-chip data/instruction cache ( 803 ) to external insecure RAM memory ( 806 ), and decrypts and/or integrity checks and/or replay checks all data being fetched from external insecure RAM memory.
- all code is stored in encrypted and integrity protected form in the insecure flash ( 805 ) and is decrypted and integrity checked when brought into the on-chip data/instruction cache ( 803 ).
- Exemplary processor architectures of the background art whose security could be improved through the addition of verifiable leak-resistant cryptography include, without limitation, the Secure Blue design from IBM (announced in an IBM press release entitled “IBM Extends Enhanced Data Security to Consumer Electronics Products” on Apr. 6, 2006) and the AEGIS design from MIT (described in AEGIS: Architecture for Tamper-evident and Tamper-resistant Processing, Proceedings of the 17th Annual International Conference on Supercomputing, pages 160-171, 2003).
- verifiable leak-resistant cryptography substantially improves the security of existing processor designs by providing protection against monitoring attacks.
- this embodiment enhances the cryptographic hardware subcomponent ( 804 ) to include a hash function and a key tree processing capability that reuses the (e.g., AES) encryption capability of an existing secure processor design and implements the steps and method of the first exemplary embodiment to create a secure leak-resistant secure processor.
- any data written from cache ( 803 ) to the RAM memory ( 806 ) is encrypted using the leak resistant encryption process (e.g., as shown in FIG. 1 ) and any code read from untrusted flash ( 805 ) and untrusted RAM is decrypted using the leak resistant decryption process outlined in FIG. 4 .
- a counter corresponding to the segment is incremented, and the counter value is incorporated in the encryption and/or integrity check creation process for the segment, thereby enabling the detection of attacks that involve substitution of old data.
- the logic to be loaded into a field programmable gate array often contains highly sensitive trade secrets, cryptographic secrets, and/or other sensitive information that needs to be protected from disclosure or copying.
- This loaded logic, or upgraded logic is typically supplied to the FPGA as a bitstream from an external source, such as, without limitation, a flash memory device or a CPU or some other source ( 907 ).
- Some FPGAs contain nonvolatile memory for storing configuration data, while others must be re-loaded each time the chip is powered on.
- Existing FPGAs have the ability to decrypt bitstreams, typically using a key that is held a battery-backed memory or stored locally (such as using on-chip flash, EEPROM, or fuses).
- the FPGA decrypts the supplied encrypted bitstream before (or while) installing it into the programmable slices present within the FPGA.
- Differential power analysis attacks and related external monitoring attacks can be attempted against the bitstream decryption processes, posing a serious security risk as a successful attack can result in disclosure of the bitstream decryption key and/or the bitstream itself.
- verifiable leak-resistant cryptography can be used to create a secure bitstream decryption capability on an FPGA.
- the sensitive bitstream is encrypted by an external device (using software, hardware or some combination thereof) using a leak-resistant encryption process (e.g., as described in the first exemplary embodiment), producing the encrypted bitstream.
- the encrypted bitstream may be located ( 907 ) in an untrusted memory, such as an external flash or hard drive, or retrieved from an untrusted source such as a CPU etc.
- the cryptographic secret KROOT for leak-resistant decryption is kept in the keystore ( 902 ) which stores the internal secret state, and which may be implemented using technologies such as, without limitation, fuses, battery-backed RAM ( 902 , 903 ), EEPROM, flash, etc.
- the FPGA ( 900 ) receives the encrypted bitstream over interface ( 906 ). This bitstream could, for example, have been encrypted using either of the first embodiment or the second exemplary embodiment (corresponding to FIGS. 1 and 5 ).
- the FPGA first receives nonce N, validator V, length L, and initial segment E1.
- E1 is stored in encrypted segment buffer ( 905 ).
- the hash of E1 is computed, and validator V is verified, with KROOT, L, and the hash, yielding (if successful) KMESSAGE or a fatal error (in which case the process halts).
- the FPGA uses the segment decryption processing component ( 904 ) to perform the leak resistant decryption process on E1.
- the decryption of E1 yields the hash of segment E2, which is loaded, verified, and decrypted.
- One or more status registers 910 are used to track the status of the bitstream loading process (e.g., tracking whether the process is in-progress, failed, or complete). The status can also be exported for diagnostic purposes and for use by external components.
- the FPGA is now configured and can be used (e.g., the FPGA can now permit I/O, clocking, etc. to be applied to the loaded bitstream image). FPGA operation can be prevented until the bitstream is fully loaded (e.g., to avoid revealing information about an incomplete FPGA image and to avoid unpredictable behavior of the overall circuit arising from incorrect FPGA configuration).
- the FPGA first receives E, V, N, and h(BL), and stores E in a buffer.
- the FPGA's segment decryption processing component 904 then uses the method described in FIG. 6 to validate and decrypt the provided encrypted segments.
- Status register(s) 910 are used to track the status of the bitstream loading, validation, and decryption processes, and any serious error results in the halting of the process and the wiping of any partial decrypted data.
- FIG. 10 shows the application of verifiable leak-resistant cryptography to protecting network communications from external monitoring attacks.
- multiple network devices such as Device A ( 1000 ), Device B ( 1030 ) and Devices C, D, E, etc. ( 1040 ) communicate with each other over a network ( 1020 ).
- Some or all of these communications may contain sensitive information, making it useful to encrypt and authenticate the data.
- some of these devices (such as Device A in this embodiment) are required to protect their cryptographic computations and keys from external monitoring attacks.
- Device A has a keystore ( 1001 ) to store a table of shared cryptographic root keys with other devices it needs to communicate with. These keys may have been previously stored, or may be negotiated (e.g., using public key cryptography). Methods for using public key cryptosystems to negotiate keys are well known in the background art, and are utilized in protocols such as SSL and IPSEC. This embodiment could easily be integrated into these or other protocols.
- Outbound packets or data segments to be encrypted originate from an application, operating system, driver, or other component ( 1002 ) and enter plaintext packet buffer ( 1003 ). Each packet is then processed using the segment encryption/decryption processing component ( 1004 ), where it is encrypted using a verifiable leak resistant encryption method (e.g., as described in FIG. 1 ).
- the root key for this encryption is the shared key between Device A and the destination device, which is obtained from the keystore ( 1001 ).
- the message identifier nonce N may be any (preferably) unique value, including a counter.
- the nonce could equal a packet identifier, a TCP sequence number with possibly the incorporation of additional most-significant bits to prevent overflows), the hash of a value, a random value, etc.
- the leak resistant encryption operation produces an encrypted segment and a validator V.
- the nonce may be transmitted or may be implicit (e.g., based on the number of packets received previously).
- the encrypted segment, V, and any other required data are assembled into an outgoing packet and moved to the network interface component ( 1006 ) and then to the network ( 1020 ) for routing to the appropriate destination device.
- the shared key between the receiving and sending device e.g., KROOT or a precursor used to derive KROOT
- KROOT a precursor used to derive KROOT
- the nonce N is recovered from the packet or otherwise determined
- the validator is verified against N and the encrypted packet
- the packet data are decrypted.
- the shared cryptographic secret between Device A and the sending device may be used as KROOT. If the decryption or validation fails, the packet is dropped. Otherwise, upon successful decryption, the decryption result can be provided to the application, operating system, driver, etc.
- FIG. 11 illustrates the verifiable packet level leak-resistant encryption process
- FIG. 12 illustrates the corresponding decryption process.
- the verifiable packet level leak-resistant encryption process is the following: Given an input packet data D ( 1100 ) with the source and destination sharing a base cryptographic value KROOT, a message identifier N is generated in step 1101 (e.g., using a random source and/or information present in the packet D and/or some packet identifier such as a sequence number associated with the communication protocol).
- N can be constructed from a session identifier, the sequence number (optionally with additional most significant bits appended to prevent rollover), the source port, the destination port, and/or other values.
- the hash of N is computed. (Optionally, this step may be omitted and N may be used instead of h(N) in deriving KMESSAGE.)
- the input packet data D is encrypted with the key KMESSAGE to yield the encrypted result E ( 1104 ).
- the hash of E is computed ( 1105 ) (e.g., using SHA-256).
- the output packet is formed to include V, E, and N (or any other information, if any, required to enable the recipient to recover N) ( 1107 ).
- the output data E is then transferred to a remote device (such as a remote computer over the Internet) in a packet.
- the encrypting device can encrypt multiple packets simultaneously such that only a single validator is required for all packets.
- the encryption process may be performed as shown in FIG. 3 , where each segment Di is a packet. Combining packets in this manner reduces the number of key tree operations required for both the sender and the recipient.
- FIG. 12 A corresponding verifiable packet level leak resistant decryption process is illustrated in FIG. 12 .
- V′ KMESSAGE
- Verifiable leakage-resistant encryption and decryption can be implemented in smart-cards (e.g., in connection with protocols where the smart-card is required to perform encryption and/or decryption in a manner that is secure from differential power analysis and related external monitoring attacks).
- Examples of such systems and protocols include, without limitation, the derivation of keys (control words) for the decryption of pay television signals, payments (including off-line payments), identity verification/network login, mobile telephone SIM cards, and transit passes.
- the exemplary cryptographic techniques disclosed in this patent can be used to ensure that the secret keys within smart-cards are protected from external monitoring attacks while performing such protocols.
- Smart cards can also be used to implement part or all of the leak resistant encryption or decryption processes utilized in a larger system, such as if the smart card implements the key-tree based key derivation process of FIG. 3 so that KSTART never needs to leave the smart card.
- two or more devices need to authenticate each other and/or exchange sensitive information amongst them.
- Example applications of such protocols include, without limitation: (i) authentication between a printer and a cartridge to ensure that both devices are genuine and not counterfeit; (ii) authentication between a set-top box and a smart-card to ensure that components are authentic (e.g., to prevent the introduction of stolen video decryption keys); (iii) authentication between a garage door and an opener; (iv) keyless entry systems (such as may be used in cars) which authenticate keys (e.g., prior to unlocking doors or starting the engine); (v) authentication protocols performed by frequently stolen items (such as car radios, GPS units, cell phones, etc.) to prevent stolen or tampered devices from being operated; and (vi) entry systems such as those found in secure buildings that authenticate keys/tokens prior to permitting entry.
- This section describes exemplary variants of the ENC( ) and DEC( ) operations which can be used in place of conventional encryption processes (such as AES in ECB or CBC mode) in implementing the exemplary embodiments (e.g., as shown at step 320 of FIG. 3 , step 410 of FIG. 4 , step 509 of FIG. 5 , step 630 of FIG. 6 , step 1104 of FIG. 11 , and step 1207 of FIG. 12 ).
- the cryptographic keys are changed frequently, for even greater security. Specifically, additional cryptographic key updates occur within the encryption of a data segment Di to Ei (or vice versa). Accordingly, we refer to these variants as implementing intra-segment key changes.
- FIG. 13 shows an exemplary embodiment of an ENC( ) operation for encrypting data segments.
- FIG. 14 shows a corresponding exemplary embodiment of a DEC( ) operation.
- these operations are built using the block cipher AES in cipher block chaining (CBC) mode, but it should be clear to those skilled in the art, that other block ciphers or encryption/decryption primitives or encryption modes could be used as well.
- CBC cipher block chaining
- the inputs to the encryption process for segment i are segment key Ki ( 1301 ) and data segment Di ( 1310 ).
- the input data segment Di ( 1310 ) is divided into sub-segments Di,1 ( 1311 ), Di,2 ( 1312 ), etc.
- FIGS. 13 and 14 show the data segment D being divided into sub-segments of 3 AES blocks, although other sizes can also be used and algorithms other than AES may, of course, also be employed.
- Segment key Ki is transformed with a hash operation m( ) yielding Ki,1 ( 1302 ) which is the key for the first sub-segment Di,1. If an initialization vector (IV) ( 1314 ) is to be used, it is XORed with the first AES block of Di,1. (If no IV is to be used, this XOR step may be omitted.
- an IV can be authenticated, e.g., by incorporating it into the validator computation, or by deriving the IV from a validated value such as a message identifier.
- the first bits of (Di XOR IV) are encrypted with AES ( 1315 ) using the segment key Ki,1 ( 1302 ), forming the first portion of ciphertext sub-segment Ei,1 ( 1320 ).
- This ciphertext portion is also XORed with the next bits of sub-segment Di,1 ( 1311 ), yielding another AES input which is subsequently encrypted using segment key K0 ( 1302 ) to produce the next portion of sub-segment Di,1 ( 1311 ).
- a similar cipher block chaining operation is performed to form the input to the third AES encryption, which is also performed with key Ki,1.
- the results of the three AES operations is the ciphertext sub-segment Ei,1 ( 1320 ).
- the fourth AES operation is performed on the first block of the next data sub-segment Di,2, ( 1312 ), and a new key is used, notably Ki,2 ( 1303 ), which is derived by applying m( ) to Ki,1 ( 1302 ).
- the last ciphertext from processing Di,1 becomes the IV ( 1317 ) for the first portion of Di,2 ( 1312 ).
- the encryption process continues until all blocks of all s data sub-segments have been encrypted, ultimately yielding the encrypted sub-segments Ei,2 ( 1321 ), . . . , Ei,s ( 1322 ), and where a new key is derived using m( ) for each sub-segment. Finally, the ciphertext sub-segments are assembled to form the final ciphertext segment Ei ( 1330 ).
- the decryption process DEC( ) is the reverse of the ENC( ) process.
- the subkeys Ki,1 ( 1402 ), Ki,2, ( 1403 ), etc. are derived from the segment key Ki ( 1401 ) using m( ) via the same process as for encryption above.
- the encrypted segment Ei is divided into sub-segments, each comprising one or more AES inputs, which are decrypted with the subkeys.
- the appropriate IV (if any) or prior ciphertext is XORed with the data.
- the final data are assembled to form the sub-segments ( 1420 , 1421 , 1432 , etc.), which are in turn assembled to form Di ( 1430 ).
- the ENC( ) and DEC( ) process above are examples which involve rapid key changes so as to provide greater leakage tolerance.
- Other segment encryption and decryption methods can be used, including the application of stream ciphers and/or block ciphers (such as RC4, SEAL, AES, DES, triple DES, etc.) in ECB, CBC, or counter (e.g., Galois counter) modes.
- stream ciphers and/or block ciphers such as RC4, SEAL, AES, DES, triple DES, etc.
- counter e.g., Galois counter
- Data exchanges described herein may be accomplished in a wide range of possible manners.
- conventional buses/interfaces such as I2C, JTAG, PCI, serial I/O (including USB), PCI Express, Ethernet, etc.
- wireless protocols such as 802.11 family, Bluetooth, cellular telephony protocols, ISO14443, etc.
- intra-chip connections such as APB, direct connections with other flip flops, etc.
- the sending device(s) and receiving device(s) would have appropriate interfaces (e.g., interfaces of the foregoing types) with can send, receive, or send and receive (as appropriate).
- the exemplary embodiments presented thus far have utilized the leak-resistant key-tree-based key derivation process (e.g., as illustrated in FIG. 2 ) to compute a validator of the ciphertext which can be verified safely prior to decryption. While this process is well suited to a broad range of applications, other techniques for creating a value that could serve a similar role, and may be adequate in certain settings. For example, in some embodiments the encryption process is not required to be resistant to external monitoring (but the decryption process does require such resistance) and/or algorithm-level countermeasures for public key digital signing processes (such as those described in U.S. Pat. No. 6,304,658) may be present.
- the encryption process is not required to be resistant to external monitoring (but the decryption process does require such resistance) and/or algorithm-level countermeasures for public key digital signing processes (such as those described in U.S. Pat. No. 6,304,658) may be present.
- digital signing (digital signature) operations may be used to construct a value which can be verified at decryption time to ensure that the ciphertext is unmodified.
- the digital signature could authenticate the message identifier and at least one encrypted segment.
- public key digital signing algorithms include, without limitation, RSA, DSA, and elliptic curve DSA variants (including without limitation EC-DSA).
- the verification of a digital signature does not require any sensitive information, and accordingly may be performed prior to decryption. However, this flexibility comes at the cost of requiring public key signing logic within the encrypting device and public key verification logic within the decrypting device. It is also possible for a validator (or validator substitute) to be comprised of multiple symmetric validators, public key signatures, or other elements.
- Segment keys e.g., K1, K2, . . . KL in FIG. 3
- sub-segment keys Ki,1, Ki,2, etc. in FIG. 13
- keys can be derived in a hierarchical tree pattern, or more generally each key can be a function of any prior key(s), or could be independently derived from KROOT using the key tree construction, or keys could be derived using some combination of other keys and the key tree construction.
- the ordering of data transmissions and operations can be altered.
- the first exemplary embodiment described in FIGS. 1, 3 and 4 shows the encryption process proceeding from the last segment DL to the first segment D1 with each segment Di containing the hash of the encryption result, Ei+1, of the i+1'th segment.
- a separate validator is computed for the first encrypted segment E1 (e.g., see step 106 ).
- This approach can be advantageous for the decrypting device as shown in FIG. 4 , since it does not need to buffer the entire encryption result before decrypting, whereas the encrypting device has to do so.
- the encrypting device could encrypt the segments starting from D1 and ending with DL, with each segment Di+1 containing the hash of the encryption Ei of the previous segment.
- the segment D1 is (for example) extended by a string of 0's of size equal to the output length of the hash function to indicate it is the first segment.
- the decryption process is similar to FIG. 4 , but proceeds in the reverse direction starting from the last encrypted segment to the first.
- the encrypting device no longer has to buffer the data segments, although the decrypting device now has to do so.
- FIG. 3 shows first data segment ( 312 ) carrying a hash h(E2) to validate that segment E2 was not changed.
- hash is not always required, and in some cases could be omitted (e.g., if the next segment instead carries a validator). This simplifies encryption somewhat, but increases computation time since more validators need to be computed and checked. In streaming applications or if storage/memory are limited, the additional computational effort may be justified given the benefit of avoiding the need to have the subsequent data available and buffered.
- a single operation such as h( ) in FIG. 3
- h( ) in FIG. 3 is applied multiple times and/or is used for different uses. It is generally not required that these all be the same function.
- different steps could employ different hash functions.
- the output of hash function may be truncated, combined with other hash function outputs, or otherwise modified through post-processing.
- SHA-2 produces a 256-bit output hash, but a shorter message identifier (such as 160-, 128-, 80- or 64-bits) may be desired.
- the function h( ) may use SHA-2 internally and return only some bits of its result.
- Some of the exemplary embodiments designate a specific order in which data elements are concatenated or combined. For instance, in FIG. 3 , steps 303 - 312 , the data Di is concatenated with the hash h(Ei+1). Other examples where data segments are concatenated in sequence before being hashed include FIG. 5 , elements 501 - 504 & 513 , in step 306 of FIG. 3 . These specific orderings are just one example of a possible ordering, and a variety of other data orderings could be utilized in alternate embodiments.
- the techniques disclosed in this patent may additionally provide some inherent resistance against certain types of fault injection attacks on the encryption and decryption processes.
- a limited or partial fault introduced during the key tree based key derivation process would produce random, unpredictable results due to the usage of entropy redistribution functions within this process.
- corrupted intermediates will typically be mixed by subsequent entropy redistribution functions, which will limit adversaries' ability to mount attacks utilizing defective results.
- Self-diagnostic functions such as a POST (power-on-self-test) and random number testing may also be incorporated to verify that cryptographic functions and random number generation capability has not been damaged.
- POST power-on-self-test
- random number testing may also be incorporated to verify that cryptographic functions and random number generation capability has not been damaged.
- ASICs application-specific integrated circuits
- FPGAs field programmable gate arrays
- SoC systems on chip
- microprocessors secure processors
- secure network devices cryptographic smartcards of all kinds (including without limitation smartcards substantially compliant with ISO 7816-1, ISO 7816-2, and ISO 7816-3 (“ISO 7816-compliant smartcards”)); contactless and proximity-based smartcards and cryptographic tokens (including without limitation smartcards substantially compliant with ISO 14443); stored value cards and systems; cryptographically secured credit and debit cards; customer loyalty cards and systems; cryptographically authenticated credit cards; cryptographic accelerators; gambling and wagering systems; secure cryptographic chips; tamper-resistant microprocessors; software programs (including without limitation programs for
- cryptographic devices key management devices; banking key management systems; secure web servers; defense systems; electronic payment systems; micropayment systems and meters; prepaid telephone cards; cryptographic identification cards and other identity verification systems; systems for electronic funds transfer; automatic teller machines; point of sale terminals; certificate issuance systems; electronic badges; door entry systems; physical locks of all kinds using cryptographic keys; systems for decrypting television signals (including without limitation, broadcast television, satellite television, and cable television); systems for decrypting enciphered music and other audio content (including music distributed over computer networks); systems for protecting video signals of all kinds; content protection and copy protection systems (such as those used to prevent unauthorized copying or use of movies, audio content, computer programs, video games, images, text, databases, etc.); cellular telephone scrambling and authentication systems (including telephone authentication smartcards); secure telephones (including key storage devices for such telephones); cryptographic PCMCIA cards; portable cryptographic tokens; and cryptographic data auditing systems.
- key management devices banking key management systems; secure web servers; defense systems; electronic payment systems; micropayment systems and
Abstract
Description
Claims (20)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/240,671 US11074349B2 (en) | 2009-12-04 | 2019-01-04 | Apparatus with anticounterfeiting measures |
US17/382,333 US11797683B2 (en) | 2009-12-04 | 2021-07-21 | Security chip with resistance to external monitoring attacks |
Applications Claiming Priority (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US26694809P | 2009-12-04 | 2009-12-04 | |
US12/958,570 US8386800B2 (en) | 2009-12-04 | 2010-12-02 | Verifiable, leak-resistant encryption and decryption |
US13/762,703 US8707052B2 (en) | 2009-12-04 | 2013-02-08 | Cryptographic device with resistance to differential power analysis and other external monitoring attacks |
US14/201,539 US8977864B2 (en) | 2009-12-04 | 2014-03-07 | Programmable logic device with resistance to external monitoring attacks |
US14/617,437 US9569623B2 (en) | 2009-12-04 | 2015-02-09 | Secure boot with resistance to differential power analysis and other external monitoring attacks |
US15/395,809 US10262141B2 (en) | 2009-12-04 | 2016-12-30 | Secure processor with resistance to external monitoring attacks |
US16/240,671 US11074349B2 (en) | 2009-12-04 | 2019-01-04 | Apparatus with anticounterfeiting measures |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/395,809 Continuation US10262141B2 (en) | 2009-12-04 | 2016-12-30 | Secure processor with resistance to external monitoring attacks |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/382,333 Continuation US11797683B2 (en) | 2009-12-04 | 2021-07-21 | Security chip with resistance to external monitoring attacks |
Publications (2)
Publication Number | Publication Date |
---|---|
US20190377879A1 US20190377879A1 (en) | 2019-12-12 |
US11074349B2 true US11074349B2 (en) | 2021-07-27 |
Family
ID=44083176
Family Applications (10)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/958,570 Active 2031-04-17 US8386800B2 (en) | 2009-12-04 | 2010-12-02 | Verifiable, leak-resistant encryption and decryption |
US13/762,703 Active US8707052B2 (en) | 2009-12-04 | 2013-02-08 | Cryptographic device with resistance to differential power analysis and other external monitoring attacks |
US14/201,539 Active US8977864B2 (en) | 2009-12-04 | 2014-03-07 | Programmable logic device with resistance to external monitoring attacks |
US14/617,437 Active 2031-02-08 US9569623B2 (en) | 2009-12-04 | 2015-02-09 | Secure boot with resistance to differential power analysis and other external monitoring attacks |
US14/737,154 Active US9576133B2 (en) | 2009-12-04 | 2015-06-11 | Detection of data tampering of encrypted data |
US14/752,677 Active US9367693B2 (en) | 2009-12-04 | 2015-06-26 | Bitstream confirmation for configuration of a programmable logic device |
US15/395,809 Active US10262141B2 (en) | 2009-12-04 | 2016-12-30 | Secure processor with resistance to external monitoring attacks |
US15/691,601 Active US9940463B2 (en) | 2009-12-04 | 2017-08-30 | System and method for secure authentication |
US16/240,671 Active US11074349B2 (en) | 2009-12-04 | 2019-01-04 | Apparatus with anticounterfeiting measures |
US17/382,333 Active 2030-12-21 US11797683B2 (en) | 2009-12-04 | 2021-07-21 | Security chip with resistance to external monitoring attacks |
Family Applications Before (8)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/958,570 Active 2031-04-17 US8386800B2 (en) | 2009-12-04 | 2010-12-02 | Verifiable, leak-resistant encryption and decryption |
US13/762,703 Active US8707052B2 (en) | 2009-12-04 | 2013-02-08 | Cryptographic device with resistance to differential power analysis and other external monitoring attacks |
US14/201,539 Active US8977864B2 (en) | 2009-12-04 | 2014-03-07 | Programmable logic device with resistance to external monitoring attacks |
US14/617,437 Active 2031-02-08 US9569623B2 (en) | 2009-12-04 | 2015-02-09 | Secure boot with resistance to differential power analysis and other external monitoring attacks |
US14/737,154 Active US9576133B2 (en) | 2009-12-04 | 2015-06-11 | Detection of data tampering of encrypted data |
US14/752,677 Active US9367693B2 (en) | 2009-12-04 | 2015-06-26 | Bitstream confirmation for configuration of a programmable logic device |
US15/395,809 Active US10262141B2 (en) | 2009-12-04 | 2016-12-30 | Secure processor with resistance to external monitoring attacks |
US15/691,601 Active US9940463B2 (en) | 2009-12-04 | 2017-08-30 | System and method for secure authentication |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US17/382,333 Active 2030-12-21 US11797683B2 (en) | 2009-12-04 | 2021-07-21 | Security chip with resistance to external monitoring attacks |
Country Status (8)
Country | Link |
---|---|
US (10) | US8386800B2 (en) |
EP (2) | EP2507708B1 (en) |
JP (2) | JP5552541B2 (en) |
KR (1) | KR101714108B1 (en) |
CN (1) | CN102725737B (en) |
IL (1) | IL219906A (en) |
TW (1) | TWI440351B (en) |
WO (1) | WO2011068996A1 (en) |
Families Citing this family (271)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10181953B1 (en) | 2013-09-16 | 2019-01-15 | Amazon Technologies, Inc. | Trusted data verification |
US7587044B2 (en) | 1998-01-02 | 2009-09-08 | Cryptography Research, Inc. | Differential power analysis method and apparatus |
US8874477B2 (en) | 2005-10-04 | 2014-10-28 | Steven Mark Hoffberg | Multifactorial optimization system and method |
US20090307140A1 (en) * | 2008-06-06 | 2009-12-10 | Upendra Mardikar | Mobile device over-the-air (ota) registration and point-of-sale (pos) payment |
US9680637B2 (en) | 2009-05-01 | 2017-06-13 | Harris Corporation | Secure hashing device using multiple different SHA variants and related methods |
US10454674B1 (en) * | 2009-11-16 | 2019-10-22 | Arm Limited | System, method, and device of authenticated encryption of messages |
US8386800B2 (en) | 2009-12-04 | 2013-02-26 | Cryptography Research, Inc. | Verifiable, leak-resistant encryption and decryption |
WO2011097482A1 (en) | 2010-02-05 | 2011-08-11 | Maxlinear, Inc. | Conditional access integration in a soc for mobile tv applications |
WO2011119985A2 (en) | 2010-03-26 | 2011-09-29 | Maxlinear, Inc. | Firmware authentication and deciphering for secure tv receiver |
US8935520B2 (en) | 2010-03-30 | 2015-01-13 | Maxlinear, Inc. | Control word obfuscation in secure TV receiver |
US9143324B2 (en) * | 2010-06-07 | 2015-09-22 | Protected Mobility, Llc | Secure messaging |
US9172680B2 (en) | 2010-06-07 | 2015-10-27 | Protected Mobility, Llc | Systems and methods for enabling secure messaging, command, and control of remote devices, communicated via a short message service or other message oriented communications mediums |
US8984271B2 (en) | 2010-06-07 | 2015-03-17 | Protected Mobility, Llc | User interface systems and methods for input and display of secure and insecure message oriented communications |
US9602277B2 (en) | 2010-06-07 | 2017-03-21 | Protected Mobilty, Llc | User interface systems and methods for secure message oriented communications |
US8892855B2 (en) * | 2010-08-10 | 2014-11-18 | Maxlinear, Inc. | Encryption keys distribution for conditional access software in TV receiver SOC |
CN101925060A (en) * | 2010-08-27 | 2010-12-22 | 西安西电捷通无线网络通信股份有限公司 | Entity identification method and system of energy-constrained network |
CN102014386B (en) * | 2010-10-15 | 2012-05-09 | 西安西电捷通无线网络通信股份有限公司 | Entity authentication method and system based on symmetrical code algorithm |
US8924706B2 (en) | 2010-11-05 | 2014-12-30 | Protected Mobility, Llc | Systems and methods using one time pads during the exchange of cryptographic material |
US9237155B1 (en) | 2010-12-06 | 2016-01-12 | Amazon Technologies, Inc. | Distributed policy enforcement with optimizing policy transformations |
JP2012169756A (en) * | 2011-02-10 | 2012-09-06 | Hitachi Ltd | Encrypted communication inspection system |
JP5286380B2 (en) * | 2011-03-07 | 2013-09-11 | 株式会社東芝 | Data transmission apparatus and transmission method |
EP2523385B1 (en) * | 2011-05-05 | 2017-07-12 | Proton World International N.V. | Method and circuit for cryptographic operation |
US9438418B1 (en) * | 2011-05-06 | 2016-09-06 | Altera Corporation | Systems and methods for generating a key difficult to clone |
US8769642B1 (en) | 2011-05-31 | 2014-07-01 | Amazon Technologies, Inc. | Techniques for delegation of access privileges |
IL213497A0 (en) * | 2011-06-12 | 2011-08-31 | Eliphaz Hibshoosh | Light public key cryptography |
EP2535804A1 (en) * | 2011-06-17 | 2012-12-19 | Thomson Licensing | Fault-resistant exponentiation algorithm |
US8862767B2 (en) | 2011-09-02 | 2014-10-14 | Ebay Inc. | Secure elements broker (SEB) for application communication channel selector optimization |
FR2980607B1 (en) * | 2011-09-27 | 2014-04-25 | Proton World Int Nv | KEY DERIVATION METHOD IN AN INTEGRATED CIRCUIT |
US9178701B2 (en) | 2011-09-29 | 2015-11-03 | Amazon Technologies, Inc. | Parameter based key derivation |
US9197409B2 (en) | 2011-09-29 | 2015-11-24 | Amazon Technologies, Inc. | Key derivation techniques |
US9203613B2 (en) | 2011-09-29 | 2015-12-01 | Amazon Technologies, Inc. | Techniques for client constructed sessions |
US9553725B2 (en) * | 2011-11-21 | 2017-01-24 | Combined Conditional Access Development And Support, Llc | System and method for authenticating data |
US10797864B2 (en) | 2011-11-21 | 2020-10-06 | Combined Conditional Access Development And Support, Llc | System and method for authenticating data while minimizing bandwidth |
US8627488B2 (en) * | 2011-12-05 | 2014-01-07 | At&T Intellectual Property I, L.P. | Methods and apparatus to anonymize a dataset of spatial data |
US10360106B2 (en) | 2011-12-12 | 2019-07-23 | International Business Machines Corporation | Throttled real-time writes |
US20180083930A1 (en) * | 2011-12-12 | 2018-03-22 | International Business Machines Corporation | Reads for dispersed computation jobs |
US9674155B2 (en) | 2011-12-12 | 2017-06-06 | International Business Machines Corporation | Encrypting segmented data in a distributed computing system |
WO2013089682A1 (en) * | 2011-12-13 | 2013-06-20 | Intel Corporation | Method and apparatus to process keccak secure hashing algorithm |
US8984273B2 (en) | 2011-12-16 | 2015-03-17 | Protected Mobility, Llc | Method to provide secure multimedia messaging between peer systems |
WO2013095547A1 (en) * | 2011-12-22 | 2013-06-27 | Intel Corporation | Apparatus and method of execution unit for calculating multiple rounds of a skein hashing algorithm |
KR101264286B1 (en) | 2012-01-13 | 2013-05-22 | 고려대학교 산학협력단 | System and method for database encryption |
US9544075B2 (en) | 2012-02-22 | 2017-01-10 | Qualcomm Incorporated | Platform for wireless identity transmitter and system using short range wireless broadcast |
US10419907B2 (en) | 2012-02-22 | 2019-09-17 | Qualcomm Incorporated | Proximity application discovery and provisioning |
US9329879B2 (en) * | 2012-02-23 | 2016-05-03 | Qualcomm Innovation Center, Inc. | Device, method, and system to enable secure distribution of javascripts |
JP5612006B2 (en) | 2012-03-13 | 2014-10-22 | 株式会社東芝 | Data transmitting apparatus, data receiving apparatus, and program |
TWI451741B (en) * | 2012-03-19 | 2014-09-01 | Chiou Haun Lee | Method of by xoring among cryptographic communications with third party |
US9215076B1 (en) | 2012-03-27 | 2015-12-15 | Amazon Technologies, Inc. | Key generation for hierarchical data access |
US8892865B1 (en) | 2012-03-27 | 2014-11-18 | Amazon Technologies, Inc. | Multiple authority key derivation |
US8739308B1 (en) | 2012-03-27 | 2014-05-27 | Amazon Technologies, Inc. | Source identification for unauthorized copies of content |
DE102012206272A1 (en) * | 2012-04-17 | 2013-10-17 | Beckhoff Automation Gmbh | Fieldbus communication |
US10360593B2 (en) | 2012-04-24 | 2019-07-23 | Qualcomm Incorporated | Retail proximity marketing |
US10621044B2 (en) | 2012-04-25 | 2020-04-14 | Pure Storage, Inc. | Mapping slice groupings in a dispersed storage network |
US9380032B2 (en) | 2012-04-25 | 2016-06-28 | International Business Machines Corporation | Encrypting data for storage in a dispersed storage network |
US10795766B2 (en) | 2012-04-25 | 2020-10-06 | Pure Storage, Inc. | Mapping slice groupings in a dispersed storage network |
US9660972B1 (en) | 2012-06-25 | 2017-05-23 | Amazon Technologies, Inc. | Protection from data security threats |
US9258118B1 (en) | 2012-06-25 | 2016-02-09 | Amazon Technologies, Inc. | Decentralized verification in a distributed system |
US9160719B2 (en) | 2012-07-20 | 2015-10-13 | Protected Mobility, Llc | Hiding ciphertext using a linguistics algorithm with dictionaries |
US8917868B2 (en) * | 2012-08-22 | 2014-12-23 | Vixs Systems, Inc. | Adaptable encryption device and methods for use therewith |
US11126418B2 (en) * | 2012-10-11 | 2021-09-21 | Mcafee, Llc | Efficient shared image deployment |
US9189225B2 (en) | 2012-10-16 | 2015-11-17 | Imprivata, Inc. | Secure, non-disruptive firmware updating |
KR20140052243A (en) * | 2012-10-23 | 2014-05-07 | 한국전자통신연구원 | Apparatus and method for providing network data service, client device for network data service |
US8886926B2 (en) * | 2012-11-07 | 2014-11-11 | Centri Technology, Inc. | Single-pass data compression and encryption |
US9571289B2 (en) * | 2012-11-12 | 2017-02-14 | Cryptography Research, Inc. | Methods and systems for glitch-resistant cryptographic signing |
CN103023635B (en) * | 2012-12-03 | 2015-10-07 | 广东欧珀移动通信有限公司 | A kind of method of information back-up and device |
CN103023653B (en) * | 2012-12-07 | 2017-03-29 | 哈尔滨工业大学深圳研究生院 | The Internet of Things Secure Group Communication method and device of low-power consumption |
US9690759B2 (en) * | 2013-01-03 | 2017-06-27 | Cable Television Laboratories, Inc. | Content linking |
US9124434B2 (en) | 2013-02-01 | 2015-09-01 | Microsoft Technology Licensing, Llc | Securing a computing device accessory |
JP6238774B2 (en) | 2013-02-21 | 2017-11-29 | キヤノン株式会社 | Hash value generator |
JP6113091B2 (en) * | 2013-03-07 | 2017-04-12 | キヤノン株式会社 | Hash value generator |
WO2014140698A1 (en) * | 2013-03-11 | 2014-09-18 | Indian Institute of Technology Kharagpur | Improved resistance to cache timing attacks on block cipher encryption |
US9425967B2 (en) | 2013-03-20 | 2016-08-23 | Industrial Technology Research Institute | Method for certificate generation and revocation with privacy preservation |
JP5931797B2 (en) * | 2013-05-27 | 2016-06-08 | 日本電信電話株式会社 | Signature system and method, signature generation apparatus, and signature verification apparatus |
US9763067B2 (en) | 2013-05-28 | 2017-09-12 | Protected Mobility, Llc | Methods and apparatus for long-short wave, low-high frequency radio secure message service |
KR101416447B1 (en) * | 2013-06-17 | 2014-07-10 | (주)씽크에이티 | Method and system for protecting information based on telephone certification |
FR3007168B1 (en) * | 2013-06-18 | 2016-10-07 | Stmicroelectronics Rousset | MECHANISM FOR VERIFYING THE AUTHENTICITY OF A PRODUCT |
FR3007169B1 (en) | 2013-06-18 | 2016-10-07 | Stmicroelectronics Rousset | METHOD OF VERIFYING THE AUTHENTICITY OF A PRODUCT |
US9407440B2 (en) | 2013-06-20 | 2016-08-02 | Amazon Technologies, Inc. | Multiple authority data security and access |
GB2513669B (en) | 2013-06-21 | 2016-07-20 | Visa Europe Ltd | Enabling access to data |
TWI510046B (en) * | 2013-07-04 | 2015-11-21 | Univ Nat Cheng Kung | Method for authenticated encryption and decryption |
US9521000B1 (en) | 2013-07-17 | 2016-12-13 | Amazon Technologies, Inc. | Complete forward access sessions |
US9160525B2 (en) * | 2013-07-19 | 2015-10-13 | Qualcomm Incorporated | Apparatus and method for key update for use in a block cipher algorithm |
US9736181B2 (en) * | 2013-07-26 | 2017-08-15 | Intel Corporation | Hardening data transmissions against power side channel analysis |
US10403173B2 (en) * | 2013-08-13 | 2019-09-03 | Fiske Software, Llc | NADO cryptography using one-way functions |
US9485222B2 (en) * | 2013-08-20 | 2016-11-01 | Hewlett-Packard Development Company, L.P. | Data stream traffic control |
US9053325B2 (en) * | 2013-08-22 | 2015-06-09 | Freescale Semiconductor, Inc. | Decryption key management system |
US9189638B1 (en) * | 2013-08-25 | 2015-11-17 | Google Inc. | Systems and methods for multi-function and multi-purpose cryptography |
TWI631462B (en) * | 2013-09-10 | 2018-08-01 | 系微股份有限公司 | Computing system and computing device-implemented method to secure on-board bus transactions and non-transitory computer readable storage medium |
US9311500B2 (en) | 2013-09-25 | 2016-04-12 | Amazon Technologies, Inc. | Data security using request-supplied keys |
US9218235B2 (en) * | 2013-09-25 | 2015-12-22 | Lexmark International, Inc. | Systems and methods of verifying operational information associated with an imaging device |
US9237019B2 (en) | 2013-09-25 | 2016-01-12 | Amazon Technologies, Inc. | Resource locators with keys |
CN103761456B (en) * | 2013-10-12 | 2016-05-11 | 利尔达科技集团股份有限公司 | A kind of anti-method cracking of monolithic microcomputer kernel code |
FR3012234B1 (en) * | 2013-10-23 | 2017-02-24 | Proton World Int Nv | PROTECTION OF THE EXECUTION OF AN ALGORITHM AGAINST HIDDEN CHANNEL ATTACKS |
US10243945B1 (en) | 2013-10-28 | 2019-03-26 | Amazon Technologies, Inc. | Managed identity federation |
US9420007B1 (en) | 2013-12-04 | 2016-08-16 | Amazon Technologies, Inc. | Access control using impersonization |
EP2884692B1 (en) * | 2013-12-13 | 2020-05-20 | Nxp B.V. | Updating software on a secure element |
CN103729602B (en) * | 2013-12-18 | 2016-08-17 | 东莞市乐升电子有限公司 | Utilize the method that power source management controller is encrypted protection to system |
CN104753661A (en) * | 2013-12-30 | 2015-07-01 | 上海格尔软件股份有限公司 | Secret key description file for commercial code equipment |
US9369461B1 (en) | 2014-01-07 | 2016-06-14 | Amazon Technologies, Inc. | Passcode verification using hardware secrets |
US9374368B1 (en) | 2014-01-07 | 2016-06-21 | Amazon Technologies, Inc. | Distributed passcode verification system |
US9292711B1 (en) | 2014-01-07 | 2016-03-22 | Amazon Technologies, Inc. | Hardware secret usage limits |
US9262642B1 (en) | 2014-01-13 | 2016-02-16 | Amazon Technologies, Inc. | Adaptive client-aware session security as a service |
EP2902934B1 (en) * | 2014-02-03 | 2019-04-10 | Nxp B.V. | Portable Security Device, Method for Securing a Data Exchange and Computer Program Product |
US20150242620A1 (en) * | 2014-02-27 | 2015-08-27 | Microsemi SoC Corporation | Methods for controlling the use of intellectual property in individual integrated circuit devices |
US10771255B1 (en) | 2014-03-25 | 2020-09-08 | Amazon Technologies, Inc. | Authenticated storage operations |
WO2015144764A1 (en) * | 2014-03-26 | 2015-10-01 | Continental Teves Ag & Co. Ohg | Method and system for improving the data security during a communication process |
US9473296B2 (en) * | 2014-03-27 | 2016-10-18 | Intel Corporation | Instruction and logic for a simon block cipher |
CN106463069A (en) | 2014-05-14 | 2017-02-22 | 三菱电机株式会社 | Encryption device, storage system, decryption device, encryption method, decryption method, encryption program, and decryption program |
US9871651B2 (en) * | 2014-06-16 | 2018-01-16 | Cisco Technology, Inc. | Differential power analysis countermeasures |
CN106663389A (en) * | 2014-06-18 | 2017-05-10 | 詹姆斯·科利尔 | Methods and apparatus for cryptography |
US10114369B2 (en) | 2014-06-24 | 2018-10-30 | Microsemi SoC Corporation | Identifying integrated circuit origin using tooling signature |
US9258117B1 (en) | 2014-06-26 | 2016-02-09 | Amazon Technologies, Inc. | Mutual authentication with symmetric secrets and signatures |
US10326597B1 (en) | 2014-06-27 | 2019-06-18 | Amazon Technologies, Inc. | Dynamic response signing capability in a distributed system |
US8990556B1 (en) | 2014-08-13 | 2015-03-24 | Gimbal, Inc. | Sharing beacons |
US9571465B1 (en) | 2014-09-18 | 2017-02-14 | Amazon Technologies, Inc. | Security verification by message interception and modification |
US10061738B2 (en) | 2014-09-30 | 2018-08-28 | Jonker Llc | Ephemeral peripheral device |
US10839086B2 (en) * | 2014-09-30 | 2020-11-17 | Jonker Llc | Method of operating ephemeral peripheral device |
US10115467B2 (en) * | 2014-09-30 | 2018-10-30 | Jonker Llc | One time accessible (OTA) non-volatile memory |
WO2016053792A1 (en) | 2014-10-03 | 2016-04-07 | Cryptography Research, Inc. | Exponent splitting for cryptographic operations |
US9288043B1 (en) * | 2014-10-17 | 2016-03-15 | Motorola Solutions, Inc. | Methods and systems for providing high-security cryptographic keys to mobile radios |
US10353638B2 (en) | 2014-11-18 | 2019-07-16 | Microsemi SoC Corporation | Security method and apparatus to prevent replay of external memory data to integrated circuits having only one-time programmable non-volatile memory |
CA2968038C (en) * | 2014-12-03 | 2024-01-09 | Nagravision S.A. | Block cryptographic method for encrypting/decrypting messages and cryptographic devices for implementing this method |
DE102015201298A1 (en) * | 2015-01-26 | 2016-07-28 | Robert Bosch Gmbh | Method for the cryptographic processing of data |
US10013363B2 (en) | 2015-02-09 | 2018-07-03 | Honeywell International Inc. | Encryption using entropy-based key derivation |
JP6273226B2 (en) * | 2015-02-26 | 2018-01-31 | 日本電信電話株式会社 | Encryption system, authentication system, encryption device, decryption device, authenticator generation device, verification device, encryption method, authentication method |
US9832022B1 (en) | 2015-02-26 | 2017-11-28 | Altera Corporation | Systems and methods for performing reverse order cryptographic operations on data streams |
JP6273223B2 (en) * | 2015-02-26 | 2018-01-31 | 日本電信電話株式会社 | ENCRYPTION SYSTEM, ENCRYPTION DEVICE, DECRYPTION DEVICE, ENCRYPTION METHOD, ENCRYPTION PROGRAM, DECRYPTION PROGRAM |
JP6273225B2 (en) * | 2015-02-26 | 2018-01-31 | 日本電信電話株式会社 | ENCRYPTION SYSTEM, ENCRYPTION DEVICE, DECRYPTION DEVICE, ENCRYPTION METHOD, ENCRYPTION PROGRAM, DECRYPTION PROGRAM |
CN104602209A (en) * | 2015-02-27 | 2015-05-06 | 中国科学院大学 | Combined information source short message encryption and decryption method based on RSA algorithm and stream cipher algorithm |
US9107152B1 (en) | 2015-03-11 | 2015-08-11 | Gimbal, Inc. | Beacon protocol advertising bi-directional communication availability window |
CN108064381B (en) * | 2015-03-30 | 2021-06-18 | 爱迪德技术有限公司 | Method for data protection |
US9697359B2 (en) | 2015-04-15 | 2017-07-04 | Qualcomm Incorporated | Secure software authentication and verification |
US9703973B2 (en) * | 2015-04-28 | 2017-07-11 | International Business Machines Corporation | Customer load of field programmable gate arrays |
EP3089398B1 (en) * | 2015-04-30 | 2017-10-11 | Nxp B.V. | Securing a cryptographic device |
US10979553B2 (en) | 2015-05-15 | 2021-04-13 | Overhead Door Corporation | Near field communications activated door access panel |
US9697340B2 (en) * | 2015-06-14 | 2017-07-04 | Guardtime IP Holdings, Ltd. | System and methods with assured one-time, replay-resistant passwords |
US10122689B2 (en) | 2015-06-16 | 2018-11-06 | Amazon Technologies, Inc. | Load balancing with handshake offload |
US10122692B2 (en) | 2015-06-16 | 2018-11-06 | Amazon Technologies, Inc. | Handshake offload |
DE102015211540A1 (en) * | 2015-06-23 | 2016-12-29 | Bayerische Motoren Werke Aktiengesellschaft | Method, server, firewall, control unit, and system for programming a control unit of a vehicle |
US10642962B2 (en) | 2015-07-28 | 2020-05-05 | Western Digital Technologies, Inc. | Licensable function for securing stored data |
WO2017038761A1 (en) * | 2015-08-31 | 2017-03-09 | 日本電気株式会社 | Secret calculation system, secret calculation device, and secret calculation method |
US9660803B2 (en) | 2015-09-15 | 2017-05-23 | Global Risk Advisors | Device and method for resonant cryptography |
CN105224831B (en) * | 2015-09-29 | 2018-06-15 | 深圳市九洲电器有限公司 | Terminal Equipment Identifier method for writing data and system |
WO2017058221A1 (en) * | 2015-09-30 | 2017-04-06 | Hewlett Packard Enterprise Development Lp | Cryptographic-based initialization of memory content |
US10025600B2 (en) * | 2015-10-02 | 2018-07-17 | Google Llc | NAND-based verified boot |
US9876641B2 (en) * | 2015-10-08 | 2018-01-23 | The Boeing Company | Data dependent authentication keys for differential power analysis resistant authentication |
CN105376053B (en) * | 2015-10-26 | 2019-10-18 | 宁波大学 | Image key generation method based on Keccak hash algorithm |
GB201519612D0 (en) * | 2015-11-06 | 2015-12-23 | Nagravision Sa | Key sequence generation for cryptographic operations |
AT517983B1 (en) * | 2015-11-18 | 2018-11-15 | Siemens Ag Oesterreich | Protection of a computer system against side channel attacks |
EP3179668B1 (en) * | 2015-12-11 | 2019-05-22 | Institut Mines-Télécom | Methods and devices for estimating secret values |
EP3391584B1 (en) | 2015-12-16 | 2020-11-04 | Cryptography Research, Inc. | Cryptographic management of lifecycle states |
EP3185464B1 (en) | 2015-12-21 | 2020-05-20 | Hewlett-Packard Development Company, L.P. | Key generation information trees |
US9930021B2 (en) * | 2016-01-05 | 2018-03-27 | Intel Corporation | Secure devices using entropy multiplexing |
US10382210B2 (en) * | 2016-01-10 | 2019-08-13 | Apple Inc. | Secure device pairing |
KR101772554B1 (en) | 2016-02-02 | 2017-08-30 | 주식회사 코인플러그 | Method and server for providing notary service with respect to file and verifying the recorded file by using the notary service |
EP3220304B1 (en) * | 2016-02-22 | 2018-11-07 | Eshard | Method of testing the resistance of a circuit to a side channel analysis |
US10089116B2 (en) * | 2016-03-18 | 2018-10-02 | Uber Technologies, Inc. | Secure start system for an autonomous vehicle |
US20190305927A1 (en) * | 2016-03-18 | 2019-10-03 | University Of Florida Research Foundation Incorporated | Bitstream security based on node locking |
US9946890B2 (en) | 2016-03-18 | 2018-04-17 | Uber Technologies, Inc. | Secure start system for an autonomous vehicle |
WO2017173136A1 (en) * | 2016-03-30 | 2017-10-05 | The Athena Group, Inc. | Key update for masker keys |
US10300399B2 (en) * | 2016-03-31 | 2019-05-28 | Shenzhen Bell Creative Science and Education Co., Ltd. | Modules registration and status update of modular assembly system |
ES2899005T3 (en) * | 2016-04-07 | 2022-03-09 | Nagravision Sa | Flexible crypto device |
NL2016671B1 (en) * | 2016-04-25 | 2017-11-07 | Fugro N V | GNSS Message Authentication. |
DE102016107913A1 (en) * | 2016-04-28 | 2017-11-16 | Deutscher Genossenschafts-Verlag Eg | Procedure for the transmission of confidential messages |
US9916452B2 (en) | 2016-05-18 | 2018-03-13 | Microsoft Technology Licensing, Llc | Self-contained cryptographic boot policy validation |
CN106201352B (en) * | 2016-07-07 | 2019-11-29 | 广东高云半导体科技股份有限公司 | The secrecy system and decryption method of non-volatile FPGA on piece data streaming file |
WO2018020383A1 (en) * | 2016-07-25 | 2018-02-01 | Mobeewave, Inc. | System for and method of authenticating a component of an electronic device |
US10116440B1 (en) | 2016-08-09 | 2018-10-30 | Amazon Technologies, Inc. | Cryptographic key management for imported cryptographic keys |
US10341102B2 (en) * | 2016-09-02 | 2019-07-02 | Blackberry Limited | Decrypting encrypted data on an electronic device |
US10348502B2 (en) * | 2016-09-02 | 2019-07-09 | Blackberry Limited | Encrypting and decrypting data on an electronic device |
US11496285B2 (en) * | 2016-09-08 | 2022-11-08 | International Business Machines Corporation | Cryptographic side channel resistance using permutation networks |
US10528765B2 (en) * | 2016-09-16 | 2020-01-07 | Intel Corporation | Technologies for secure boot provisioning and management of field-programmable gate array images |
CH712947B1 (en) * | 2016-09-23 | 2021-01-29 | Vidoni Pierino | Device and method for securing data transmission between a transmitter and a receiver. |
US10318748B2 (en) * | 2016-09-30 | 2019-06-11 | Intel Corporation | Techniques to protect fuses against non-destructive attacks |
KR101825838B1 (en) * | 2016-10-14 | 2018-02-06 | 영남대학교 산학협력단 | Method of partially encrypting data, method of decrypting a partially-encrpted data, storage medium for a program decrypting a partially-encrpted data |
EP3338143B1 (en) * | 2016-10-27 | 2019-02-20 | Hewlett-Packard Development Company | Replaceable item authentication |
US10708073B2 (en) | 2016-11-08 | 2020-07-07 | Honeywell International Inc. | Configuration based cryptographic key generation |
US10547460B2 (en) | 2016-11-18 | 2020-01-28 | Qualcomm Incorporated | Message-based key generation using physical unclonable function (PUF) |
CN106712929A (en) * | 2016-12-30 | 2017-05-24 | 桂林电子科技大学 | Encryption method for big data |
US11190344B2 (en) * | 2017-01-25 | 2021-11-30 | Salesforce.Com, Inc. | Secure user authentication based on multiple asymmetric cryptography key pairs |
US20180234839A1 (en) * | 2017-02-13 | 2018-08-16 | Futurewei Technologies, Inc. | System and Method for User Equipment Identification and Communications |
WO2018153486A1 (en) * | 2017-02-24 | 2018-08-30 | NEC Laboratories Europe GmbH | Method for signing a new block in a decentralized blockchain consensus network |
CN106686008B (en) * | 2017-03-03 | 2019-01-11 | 腾讯科技(深圳)有限公司 | Information storage means and device |
GB2560587A (en) * | 2017-03-17 | 2018-09-19 | Univ Oxford Innovation Ltd | Secure data exchange |
US11128452B2 (en) * | 2017-03-25 | 2021-09-21 | AVAST Software s.r.o. | Encrypted data sharing with a hierarchical key structure |
CN108733311B (en) * | 2017-04-17 | 2021-09-10 | 伊姆西Ip控股有限责任公司 | Method and apparatus for managing storage system |
US10984136B2 (en) * | 2017-04-21 | 2021-04-20 | Micron Technology, Inc. | Secure memory device with unique identifier for authentication |
US10924261B2 (en) | 2017-05-22 | 2021-02-16 | Arm Limited | Efficient power distribution |
US10997322B2 (en) | 2017-05-22 | 2021-05-04 | Arm Limited | Efficient power distribution |
EP3656081A1 (en) * | 2017-07-18 | 2020-05-27 | Legic Identsystems Ag | Method and devices for communicating securely between devices |
US10469272B2 (en) * | 2017-07-28 | 2019-11-05 | Netapp, Inc. | Methods for facilitating secure cloud compute environments and devices thereof |
US10733313B2 (en) | 2018-02-09 | 2020-08-04 | Arm Limited | Counter integrity tree for memory security |
US10540297B2 (en) * | 2017-08-03 | 2020-01-21 | Arm Limited | Memory organization for security and reliability |
CN107609405B (en) * | 2017-08-03 | 2020-08-18 | 海光信息技术有限公司 | External secure memory device and system-on-chip SOC |
US10397000B2 (en) | 2017-08-14 | 2019-08-27 | Raytheon Company | Multi-level authentication for secure supply chain asset management |
WO2019043921A1 (en) * | 2017-09-01 | 2019-03-07 | 三菱電機株式会社 | Encryption device, decryption device, encryption method, decryption method, encryption program, and decryption program |
US10808280B2 (en) * | 2017-09-14 | 2020-10-20 | Colossio, Inc. | Computational phylogenetic analysis |
US10965456B2 (en) | 2017-09-25 | 2021-03-30 | The Boeing Company | Systems and methods for facilitating data encryption and decryption and erasing of associated information |
US10860403B2 (en) | 2017-09-25 | 2020-12-08 | The Boeing Company | Systems and methods for facilitating truly random bit generation |
US10924263B2 (en) * | 2017-09-25 | 2021-02-16 | The Boeing Company | Systems and methods for facilitating iterative key generation and data encryption and decryption |
CN107911210B (en) * | 2017-10-20 | 2019-01-22 | 广东省南方数字电视无线传播有限公司 | Video segment encryption and decryption method and related device |
CN109726363B (en) * | 2017-10-31 | 2020-05-29 | 阿里巴巴集团控股有限公司 | Data statistical method and device |
CN108063756B (en) * | 2017-11-21 | 2020-07-03 | 阿里巴巴集团控股有限公司 | Key management method, device and equipment |
DE102018100357A1 (en) * | 2018-01-09 | 2019-07-11 | Infineon Technologies Ag | CHIP AND METHOD FOR SAFE SAVING OF SECRET DATA |
US10706179B2 (en) * | 2018-01-10 | 2020-07-07 | General Electric Company | Secure provisioning of secrets into MPSoC devices using untrusted third-party systems |
FR3076925B1 (en) | 2018-01-16 | 2020-01-24 | Proton World International N.V. | CRYPTOGRAPHIC FUNCTION |
US10719607B2 (en) * | 2018-03-19 | 2020-07-21 | Nxp B.V. | Data integrity verification in a non-volatile memory |
CN108521325B (en) * | 2018-03-27 | 2021-09-21 | 林喆昊 | Side channel attack prevention method suitable for system data full life cycle |
US10826694B2 (en) | 2018-04-23 | 2020-11-03 | International Business Machines Corporation | Method for leakage-resilient distributed function evaluation with CPU-enclaves |
US10673617B1 (en) * | 2018-04-24 | 2020-06-02 | George Antoniou | Methods, system and point-to-point encryption device microchip for AES-sea 512-bit key using identity access management utilizing blockchain ecosystem to improve cybersecurity |
US10256974B1 (en) * | 2018-04-25 | 2019-04-09 | Blockchain Asics Llc | Cryptographic ASIC for key hierarchy enforcement |
WO2019217931A1 (en) | 2018-05-11 | 2019-11-14 | Lattice Semiconductor Corporation | Asset management systems and methods for programmable logic devices |
EP3791307A4 (en) * | 2018-05-11 | 2022-03-30 | Lattice Semiconductor Corporation | Secure boot systems and methods for programmable logic devices |
US11496445B2 (en) * | 2018-05-23 | 2022-11-08 | Sideassure, Inc. | Electronic device for secure communications with an automobile |
US10892903B2 (en) * | 2018-05-29 | 2021-01-12 | Ememory Technology Inc. | Communication system capable of preserving a chip-to-chip integrity |
CN108830207A (en) * | 2018-06-06 | 2018-11-16 | 成都邑教云信息技术有限公司 | A kind of Internet education warning system |
US11005663B2 (en) * | 2018-08-13 | 2021-05-11 | Seagate Technology Llc | Secure audit scheme in a distributed data storage system |
EP3809271B1 (en) * | 2018-08-15 | 2022-06-22 | Huawei Technologies Co., Ltd. | Secure data transfer apparatus, system and method |
CN109460309B (en) * | 2018-09-26 | 2020-09-22 | 华南理工大学 | Keccak algorithm fault detection system based on FPGA |
CN109471675B (en) * | 2018-10-30 | 2021-11-19 | 北京无限自在文化传媒股份有限公司 | Method and system for changing hardware |
RU2710669C1 (en) * | 2018-11-06 | 2019-12-30 | Открытое Акционерное Общество "Информационные Технологии И Коммуникационные Системы" | Data encryption method |
US11240025B2 (en) * | 2018-11-09 | 2022-02-01 | Ares Technologies, Inc. | Systems and methods for distributed key storage |
CN109286501B (en) * | 2018-11-13 | 2021-07-13 | 北京深思数盾科技股份有限公司 | Authentication method for encryption device and encryption device |
CN109558759B (en) * | 2018-11-20 | 2021-05-14 | 电子科技大学 | Analog signal conditioning circuit for non-contact smart card electromagnetic attack |
EP3661243A1 (en) * | 2018-11-29 | 2020-06-03 | Nagravision S.A. | Secure beacons |
CN109617867B (en) * | 2018-12-04 | 2020-08-14 | 海南高信通科技有限公司 | Intelligent gateway system for controlling household equipment |
KR102567097B1 (en) * | 2018-12-05 | 2023-08-14 | 삼성전자주식회사 | Method for updating Boot ROM of Embedded system and booting of thereof |
FI3890367T3 (en) * | 2018-12-20 | 2023-07-18 | Merck Patent Gmbh | Methods and systems for preparing and performing an object authentication |
US11055409B2 (en) * | 2019-01-06 | 2021-07-06 | Nuvoton Technology Corporation | Protected system |
EP3697020A1 (en) * | 2019-02-15 | 2020-08-19 | Siemens Aktiengesellschaft | Method of operating keystream generators in meter mode for secure data transmission, keystream generator with meter mode for secure data transmission and computer program product for keystream generation |
KR102621645B1 (en) * | 2019-03-12 | 2024-01-05 | 삼성전자주식회사 | Electronic device having secure integrated circuit |
DE102019109341B4 (en) * | 2019-04-09 | 2023-07-20 | Nicolai Roider | Procedure for the secure exchange of encrypted messages |
CN110213228B (en) * | 2019-04-25 | 2021-09-07 | 平安科技(深圳)有限公司 | Method, device, storage medium and computer equipment for authenticating communication |
US11128471B2 (en) * | 2019-04-25 | 2021-09-21 | Microsoft Technology Licensing, Llc | Accessibility controls in distributed data systems |
US10554637B1 (en) * | 2019-05-01 | 2020-02-04 | Cyberark Software Ltd. | Secure and reconstructible distribution of data among network resources |
CN110321737B (en) * | 2019-06-28 | 2020-12-11 | 兆讯恒达科技股份有限公司 | Method for preventing injection type attack of data encryption standard coprocessor |
US11645393B2 (en) | 2019-06-28 | 2023-05-09 | Seagate Technology Llc | Secure booting in a data storage device with front end bus |
EP3767849A1 (en) | 2019-07-18 | 2021-01-20 | Nagravision SA | A hardware component and a method for implementing a camouflage of current traces generated by a digital system |
US20220284132A1 (en) * | 2019-08-29 | 2022-09-08 | Carnegie Mellon University | Method for securing logic circuits |
TWI720694B (en) * | 2019-11-18 | 2021-03-01 | 中華電信股份有限公司 | Device and method of burning authentication with time sequence algorithm |
US11582021B1 (en) * | 2019-11-20 | 2023-02-14 | Xilinx, Inc. | Protection against differential power analysis attacks involving initialization vectors |
US11403433B2 (en) | 2020-01-17 | 2022-08-02 | Visa International Service Association | System, method, and computer program product for encrypting sensitive data using a field programmable gate array |
KR102094705B1 (en) * | 2020-01-17 | 2020-03-30 | 주식회사 에프엔에스벨류 | A multi-node authentication method and apparatus based on block chain |
CN114041173A (en) * | 2020-01-19 | 2022-02-11 | 移动眼视觉科技有限公司 | Anonymous collection of data from a group of eligible members |
EP3860035A1 (en) * | 2020-01-29 | 2021-08-04 | Sebastien Armleder | Storing and determining a data element |
FR3106909B1 (en) * | 2020-01-31 | 2022-02-18 | St Microelectronics Grenoble 2 | IC CONFIGURED TO PERFORM SYMMETRIC ENCRYPTION OPERATIONS WITH SECRET KEY PROTECTION |
US11265144B2 (en) | 2020-03-09 | 2022-03-01 | International Business Machines Corporation | Consistent ciphertext creation |
EP3893431A1 (en) * | 2020-04-06 | 2021-10-13 | Siemens Aktiengesellschaft | Authentication of a configuration of a field programmable logic gate array |
US11573929B2 (en) * | 2020-04-09 | 2023-02-07 | Kyndryl, Inc. | Deduplication of encrypted data using multiple keys |
WO2021212339A1 (en) * | 2020-04-21 | 2021-10-28 | Citrix Systems, Inc. | Secure translation of sensitive content |
US11368287B2 (en) * | 2020-05-19 | 2022-06-21 | International Business Machines Corporation | Identification of a creator of an encrypted object |
US20210367794A1 (en) * | 2020-05-21 | 2021-11-25 | Cryptotronix, LLC | Device provisioning system |
US11416621B2 (en) * | 2020-06-18 | 2022-08-16 | Micron Technology, Inc. | Authenticating software images |
US11599679B2 (en) * | 2020-06-23 | 2023-03-07 | Arm Limited | Electromagnetic and power noise injection for hardware operation concealment |
US11416639B2 (en) * | 2020-06-29 | 2022-08-16 | Nuvoton Technology Corporation | PQA unlock |
US11789565B2 (en) | 2020-08-18 | 2023-10-17 | Intel Corporation | Lid controller hub architecture for improved touch experiences |
CN112333698B (en) * | 2020-11-18 | 2021-08-24 | 深圳大师科技有限公司 | Encryption authentication method and device for mobile game terminal |
US11809493B2 (en) * | 2021-01-19 | 2023-11-07 | Micro Focus Llc | System and method for tokenization of data |
US11501027B2 (en) * | 2021-02-08 | 2022-11-15 | Micron Technology, Inc. | Mechanism to support writing files into a file system mounted in a secure memory device |
US11539503B2 (en) | 2021-03-03 | 2022-12-27 | Red Hat, Inc. | Container management for cryptanalysis attack protection |
US11929992B2 (en) * | 2021-03-31 | 2024-03-12 | Sophos Limited | Encrypted cache protection |
US11394308B1 (en) | 2021-05-05 | 2022-07-19 | Arm Limited | Apparatuses and methods for power isolation |
US11574079B2 (en) | 2021-05-27 | 2023-02-07 | Nuvoton Technology Corporation | Multi-stage provisioning of secret data |
US11494330B2 (en) * | 2021-06-22 | 2022-11-08 | Intel Corporation | Fuse recipe update mechanism |
CN113591089A (en) * | 2021-08-12 | 2021-11-02 | 上海观安信息技术股份有限公司 | Data confusion encryption method |
CN113703838B (en) * | 2021-08-30 | 2024-01-05 | 远景智能国际私人投资有限公司 | Equipment control method, device, equipment and storage medium |
US11783043B2 (en) * | 2021-11-23 | 2023-10-10 | ZT Group Int'l, Inc. | Methods for authentication of firmware images in embedded systems |
US20230269065A1 (en) * | 2022-02-24 | 2023-08-24 | FortifyIQ, Inc. | Carry-based differential power analysis and its application to testing for vulnerability of sha-2 and hmac-sha-2 to side channel attack |
TWI819516B (en) * | 2022-03-09 | 2023-10-21 | 瑞昱半導體股份有限公司 | Processing method and circuit of the hash message authentication codes based key derivation function |
TWI806577B (en) * | 2022-04-28 | 2023-06-21 | 瑞昱半導體股份有限公司 | Digital signature method and verification method for digital signature |
US20240004556A1 (en) * | 2022-06-29 | 2024-01-04 | Western Digital Technologies, Inc. | Asynchronous operation completion notification |
CN115361140B (en) * | 2022-08-19 | 2023-11-24 | 广州万协通信息技术有限公司 | Method and device for verifying security chip key |
Citations (163)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4694491A (en) | 1985-03-11 | 1987-09-15 | General Instrument Corp. | Cryptographic system using interchangeable key blocks and selectable key fragments |
US4908038A (en) | 1987-10-29 | 1990-03-13 | Toppan Printing Co., Ltd | High-security integrated-circuit card |
US4972472A (en) | 1985-03-15 | 1990-11-20 | Tandem Computers Incorporated | Method and apparatus for changing the master key in a cryptographic system |
US5017766A (en) | 1987-11-13 | 1991-05-21 | Kabushiki Kaisha Toshiba | Portable electronic apparatus capable of confirming validity of transaction data |
US5179951A (en) | 1990-04-19 | 1993-01-19 | Inomet, Inc. | Blood constituent measurement |
US5268962A (en) | 1992-07-21 | 1993-12-07 | Digital Equipment Corporation | Computer network with modified host-to-host encryption keys |
US5297207A (en) | 1993-05-24 | 1994-03-22 | Degele Steven T | Machine generation of cryptographic keys by non-linear processes similar to processes normally associated with encryption of data |
US5319172A (en) | 1991-01-08 | 1994-06-07 | Kabushiki Kaisha Kobe Seiko Sho | Microwave melting furnace for treating liquid |
US5454037A (en) | 1993-10-28 | 1995-09-26 | Grayline International Limited | Portable secure-telephone communications module |
US5491749A (en) | 1993-12-30 | 1996-02-13 | International Business Machines Corporation | Method and apparatus for entity authentication and key distribution secure against off-line adversarial attacks |
US5511123A (en) | 1994-08-04 | 1996-04-23 | Northern Telecom Limited | Symmetric cryptographic system for data encryption |
US5513261A (en) | 1993-12-29 | 1996-04-30 | At&T Corp. | Key management scheme for use with electronic cards |
EP0781003A2 (en) | 1995-12-22 | 1997-06-25 | General Instrument Corporation Of Delaware | Generation of cryptographic signatures using hash keys |
US5944833A (en) | 1996-03-07 | 1999-08-31 | Cp8 Transac | Integrated circuit and method for decorrelating an instruction sequence of a program |
US5978475A (en) * | 1997-07-18 | 1999-11-02 | Counterpane Internet Security, Inc. | Event auditing system |
US5991415A (en) * | 1997-05-12 | 1999-11-23 | Yeda Research And Development Co. Ltd. At The Weizmann Institute Of Science | Method and apparatus for protecting public key schemes from timing and fault attacks |
US6009177A (en) | 1994-01-13 | 1999-12-28 | Certco Llc | Enhanced cryptographic system and method with key escrow feature |
WO2000002342A2 (en) | 1998-07-02 | 2000-01-13 | Cryptography Research, Inc. | Leak-resistant cryptographic indexed key update |
US6049878A (en) * | 1998-01-20 | 2000-04-11 | Sun Microsystems, Inc. | Efficient, secure multicasting with global knowledge |
US6188987B1 (en) | 1998-11-17 | 2001-02-13 | Dolby Laboratories Licensing Corporation | Providing auxiliary information with frame-based encoded audio information |
US6278783B1 (en) | 1998-06-03 | 2001-08-21 | Cryptography Research, Inc. | Des and other cryptographic, processes with leak minimization for smartcards and other cryptosystems |
US6289455B1 (en) | 1999-09-02 | 2001-09-11 | Crypotography Research, Inc. | Method and apparatus for preventing piracy of digital content |
US6298442B1 (en) | 1998-06-03 | 2001-10-02 | Cryptography Research, Inc. | Secure modular exponentiation with leak minimization for smartcards and other cryptosystems |
US6304658B1 (en) | 1998-01-02 | 2001-10-16 | Cryptography Research, Inc. | Leak-resistant cryptographic method and apparatus |
US6327661B1 (en) | 1998-06-03 | 2001-12-04 | Cryptography Research, Inc. | Using unpredictable information to minimize leakage from smartcards and other cryptosystems |
US6385727B1 (en) | 1998-09-25 | 2002-05-07 | Hughes Electronics Corporation | Apparatus for providing a secure processing environment |
US20020094088A1 (en) * | 2000-07-24 | 2002-07-18 | Takumi Okaue | Data processing system, data processing method, and program providing medium |
US20020124178A1 (en) | 1998-01-02 | 2002-09-05 | Kocher Paul C. | Differential power analysis method and apparatus |
US20020131592A1 (en) | 2001-03-16 | 2002-09-19 | Harris Hinnant | Entropy sources for encryption key generation |
US20020150250A1 (en) * | 2000-06-15 | 2002-10-17 | Yoshimichi Kitaya | System and method for processing information using encryption key block |
US6510518B1 (en) | 1998-06-03 | 2003-01-21 | Cryptography Research, Inc. | Balanced cryptographic computational method and apparatus for leak minimizational in smartcards and other cryptosystems |
JP2003022007A (en) | 2001-07-05 | 2003-01-24 | Kddi Corp | Method, system, program for electronic signature in stream transfer, and recording medium with the program recorded thereon |
US20030044017A1 (en) | 1999-07-23 | 2003-03-06 | Briscoe Robert John | Data distribution |
US20030056107A1 (en) * | 2001-09-17 | 2003-03-20 | Cammack William E. | Secure bootloader for securing digital devices |
US20030076958A1 (en) * | 2000-04-06 | 2003-04-24 | Ryuji Ishiguro | Information processing system and method |
US20030093674A1 (en) | 2001-10-15 | 2003-05-15 | Harrison Keith Alexander | Method and apparatus for encrypting data |
US20030093684A1 (en) | 2001-11-14 | 2003-05-15 | International Business Machines Corporation | Device and method with reduced information leakage |
US6587563B1 (en) | 1997-02-15 | 2003-07-01 | Apple Computer, Inc. | Cryptographic system using chaotic dynamics |
US20030142824A1 (en) * | 2000-12-26 | 2003-07-31 | Tomoyuki Asano | Information processing system and method |
US20030142826A1 (en) * | 2002-01-30 | 2003-07-31 | Tomoyuki Asano | Efficient revocation of receivers |
US20030161474A1 (en) * | 2002-01-25 | 2003-08-28 | Natsume Matsuzaki | Data distribution system |
US20030194085A1 (en) | 2002-04-12 | 2003-10-16 | Microsoft Corporation | Protection of application secrets |
US20030200440A1 (en) | 2002-04-17 | 2003-10-23 | Paul England | Saving and retrieving data based on symmetric key encryption |
US6654889B1 (en) | 1999-02-19 | 2003-11-25 | Xilinx, Inc. | Method and apparatus for protecting proprietary configuration data for programmable logic devices |
US20040030905A1 (en) | 2000-02-18 | 2004-02-12 | Chow Stanley T. | Encoding method and system resistant to power analysis |
US6704871B1 (en) * | 1997-09-16 | 2004-03-09 | Safenet, Inc. | Cryptographic co-processor |
JP2004096754A (en) | 2002-08-29 | 2004-03-25 | Samsung Electronics Co Ltd | Apparatus and method for hierarchical encryption using one-way function |
US6724894B1 (en) | 1999-11-05 | 2004-04-20 | Pitney Bowes Inc. | Cryptographic device having reduced vulnerability to side-channel attack and method of operating same |
US6735313B1 (en) * | 1999-05-07 | 2004-05-11 | Lucent Technologies Inc. | Cryptographic method and apparatus for restricting access to transmitted programming content using hash functions and program identifiers |
US20040165724A1 (en) * | 2002-09-16 | 2004-08-26 | Samsung Electronics Co., Ltd. | Method for encrypting and decrypting metadata and method for managing metadata and system thereof |
US20040236720A1 (en) * | 2000-04-06 | 2004-11-25 | International Business Machines Corporation | Longest prefix match lookup using hash function |
US20050010778A1 (en) * | 1998-07-10 | 2005-01-13 | Walmsley Simon Robert | Method for validating an authentication chip |
US20050027999A1 (en) | 2003-07-31 | 2005-02-03 | Pelly Jason Charles | Access control for digital content |
US20050025316A1 (en) | 2003-07-31 | 2005-02-03 | Pelly Jason Charles | Access control for digital content |
US20050028192A1 (en) | 2003-07-31 | 2005-02-03 | Hooper Daniel Luke | Access control for digital video stream data |
US20050038999A1 (en) | 2003-07-31 | 2005-02-17 | Pelly Jason Charles | Access control for digital content |
US20050044045A1 (en) | 2003-07-31 | 2005-02-24 | Pelly Jason Charles | Access control for digital content |
US20050058291A1 (en) * | 2003-08-25 | 2005-03-17 | Brant Candelore | Apparatus and method for an iterative cryptographic block |
US20050108507A1 (en) | 2003-11-17 | 2005-05-19 | Saurabh Chheda | Security of program executables and microprocessors based on compiler-arcitecture interaction |
US6901509B1 (en) * | 1996-05-14 | 2005-05-31 | Tumbleweed Communications Corp. | Apparatus and method for demonstrating and confirming the status of a digital certificates and other data |
US6917685B1 (en) | 1999-02-04 | 2005-07-12 | Meteora System Co., Ltd. | IP key management mechanism with divergence barrier increasing entropy against computational crypto-analyses |
US6931543B1 (en) | 2000-11-28 | 2005-08-16 | Xilinx, Inc. | Programmable logic device with decryption algorithm and decryption key |
US20050180573A1 (en) | 2003-07-31 | 2005-08-18 | Pelly Jason C. | Access control for digital content |
US20050210014A1 (en) * | 2004-03-08 | 2005-09-22 | Sony Corporation | Information-processing method, decryption method, information-processing apparatus and computer program |
US20050210179A1 (en) * | 2002-12-02 | 2005-09-22 | Walmsley Simon R | Integrated circuit having random clock or random delay |
US20050213751A1 (en) * | 2004-03-26 | 2005-09-29 | Apostolopoulos John J | Methods and systems for generating transcodable encrypted content |
US20050234951A1 (en) * | 2004-04-14 | 2005-10-20 | Microsoft Corporation | Method and system for renaming consecutive keys in a B-tree |
US20050246533A1 (en) * | 2002-08-28 | 2005-11-03 | Docomo Communications Laboratories Usa, Inc. | Certificate-based encryption and public key infrastructure |
US20050256910A1 (en) * | 2004-01-08 | 2005-11-17 | Samsung Electronics Co., Ltd. | Method and apparatus for limiting number of times contents can be accessed using hash chain |
US20050289067A1 (en) * | 1998-10-26 | 2005-12-29 | Microsoft Corporation | System and method for secure storage of data using a key |
US20060021066A1 (en) * | 2004-07-26 | 2006-01-26 | Ray Clayton | Data encryption system and method |
US6993138B1 (en) * | 2000-09-14 | 2006-01-31 | Nortel Networks Limited | Spatial key trees for key management in wireless environments |
US6996724B2 (en) | 2000-01-25 | 2006-02-07 | Murata Kikai Kabushiki Kaisha | Secret key generating method, common key generating method, encryption method, cryptographic communication method and cryptographic communication system |
US20060036627A1 (en) * | 2004-08-06 | 2006-02-16 | Roger Deran | Method and apparatus for a restartable hash in a trie |
US7028191B2 (en) | 2001-03-30 | 2006-04-11 | Michener John R | Trusted authorization device |
US20060090081A1 (en) | 2001-11-14 | 2006-04-27 | Michael Baentsch | Device and method with reduced information leakage |
US7039803B2 (en) | 2001-01-26 | 2006-05-02 | International Business Machines Corporation | Method for broadcast encryption and key revocation of stateless receivers |
US20060095379A1 (en) * | 2004-10-22 | 2006-05-04 | Samsung Electronics Co., Ltd. | Key management method in network system |
US20060117177A1 (en) * | 2004-11-29 | 2006-06-01 | Buer Mark L | Programmable security platform |
US7117373B1 (en) | 2000-11-28 | 2006-10-03 | Xilinx, Inc. | Bitstream for configuring a PLD with encrypted design data |
US20060242067A1 (en) * | 2004-12-21 | 2006-10-26 | Fabrice Jogand-Coulomb | System for creating control structure for versatile content control |
US20060242064A1 (en) * | 2004-12-21 | 2006-10-26 | Fabrice Jogand-Coulomb | Method for creating control structure for versatile content control |
US7146501B2 (en) | 2001-02-02 | 2006-12-05 | Nec Corporation | Method and apparatus for encrypting and decrypting data using encrypting key contained in electronic watermark |
US20060294018A1 (en) | 2003-06-25 | 2006-12-28 | Samuli Tuoriniemi | Digital rights management |
US20070113079A1 (en) * | 2003-11-28 | 2007-05-17 | Takayuki Ito | Data processing apparatus |
US7225339B2 (en) * | 2000-04-06 | 2007-05-29 | Sony Corporation | Information recording/playback apparatus and method |
US20070133806A1 (en) * | 2004-03-31 | 2007-06-14 | Sony Corporation | Information processing method, decryption method, information processing device, and computer program |
WO2007084758A2 (en) | 2006-01-18 | 2007-07-26 | Vormetric, Inc. | System and methods for secure digital data archiving and access auditing |
US20070198851A1 (en) * | 2006-02-22 | 2007-08-23 | Fujitsu Limited Of Kawasaki, Japan. | Secure processor |
US20070223696A1 (en) * | 2004-11-08 | 2007-09-27 | Junko Furuyama | Secure Device and Relay Terminal |
US20070263875A1 (en) * | 2000-06-15 | 2007-11-15 | Sony Corporation | Information processing system and method using encryption key block |
US7299358B2 (en) * | 2002-07-30 | 2007-11-20 | Texas Instruments Incorporated | Indirect data protection using random key encryption |
US20070294496A1 (en) * | 2006-06-19 | 2007-12-20 | Texas Instruments Incorporated | Methods, apparatus, and systems for secure demand paging and other paging operations for processor devices |
US20070297613A1 (en) * | 2006-06-23 | 2007-12-27 | Honeywell International Inc. | Secure group communication among wireless devices with distributed trust |
US20070300207A1 (en) * | 2006-06-22 | 2007-12-27 | James Ronald Booth | Boot Validation System and Method |
US20080010686A1 (en) * | 2004-11-11 | 2008-01-10 | Yusuke Nemoto | Confidential Information Processing Device |
US20080013733A1 (en) * | 2004-05-12 | 2008-01-17 | Mattias Johansson | Key Management Messages For Secure Broadcast |
US20080013724A1 (en) * | 1998-03-16 | 2008-01-17 | Intertrust Technologies Corp. | Methods and apparatus for persistent control and protection of content |
US7333616B1 (en) | 2001-11-14 | 2008-02-19 | Omniva Corp. | Approach for managing access to messages using encryption key management policies |
US20080042804A1 (en) * | 2005-01-12 | 2008-02-21 | Trevor Burbridge | Radio Frequency Identification Transponder Security |
US7339400B1 (en) | 2006-06-09 | 2008-03-04 | Xilinx, Inc. | Interface port for electrically programmed fuses in a programmable logic device |
US20080075291A1 (en) * | 2006-09-21 | 2008-03-27 | International Business Machines Corporation | Managing device keys in cryptographic communication |
US20080085003A1 (en) | 2006-10-05 | 2008-04-10 | Nds Limited | Key production system |
US20080086636A1 (en) * | 2006-10-09 | 2008-04-10 | Samsung Electronics Co., Ltd. | Method and apparatus of generating encryption key for broadcast encryption |
US7373668B1 (en) | 2002-03-29 | 2008-05-13 | Xilinx, Inc. | Methods and circuits for protecting proprietary configuration data for programmable logic devices |
US7373506B2 (en) | 2000-01-21 | 2008-05-13 | Sony Corporation | Data authentication system |
US20080172562A1 (en) * | 2007-01-12 | 2008-07-17 | Christian Cachin | Encryption and authentication of data and for decryption and verification of authenticity of data |
US20080205654A1 (en) * | 2004-08-26 | 2008-08-28 | Rainer Moos | Method and Security System for the Secure and Unequivocal Encoding of a Security Module |
US7434046B1 (en) * | 1999-09-10 | 2008-10-07 | Cisco Technology, Inc. | Method and apparatus providing secure multicast group communication |
US20080263363A1 (en) | 2007-01-22 | 2008-10-23 | Spyrus, Inc. | Portable Data Encryption Device with Configurable Security Functionality and Method for File Encryption |
KR20080096054A (en) | 2007-04-26 | 2008-10-30 | 삼성전자주식회사 | Method for writing data by encryption and reading the data thereof |
US20080279376A1 (en) | 2007-05-09 | 2008-11-13 | International Business Machines Corporation | System, method, and service for performing unified broadcast encryption and traitor tracing for digital content |
US20090022323A1 (en) * | 2007-07-18 | 2009-01-22 | Jooyoung Lee | Secret key predistribution method |
US20090048953A1 (en) | 2007-08-16 | 2009-02-19 | Patrick Hazel | Metrics systems and methods for token transactions |
US20090070583A1 (en) | 2006-10-17 | 2009-03-12 | Clay Von Mueller | System and method for secure transaction |
JP2009081549A (en) | 2007-09-25 | 2009-04-16 | Kyocera Corp | Signature verifying method, stream generating method, reception device, and stream transmission device |
US7539313B1 (en) * | 2000-09-13 | 2009-05-26 | Nortel Networks Limited | System and method for key management across geographic domains |
US20090138710A1 (en) * | 2005-11-04 | 2009-05-28 | Nec Corporation | Message Authentication Device, Message Authentication Method, Message Authentication Program and Storage Medium therefor |
US20090138728A1 (en) * | 2002-11-15 | 2009-05-28 | Matsushita Electric Industrial Co., Ltd. | Program update method and server |
US20090187766A1 (en) | 2008-01-17 | 2009-07-23 | Camille Vuillaume | System and Method for Digital Signatures and Authentication |
US20090187762A1 (en) * | 2006-07-27 | 2009-07-23 | Ryuichi Okamoto | Terminal device, server device, and content distribution system |
JP2009175544A (en) | 2008-01-25 | 2009-08-06 | Ntt Electornics Corp | Encrypting method and decrypting method |
US20090204806A1 (en) * | 2006-07-03 | 2009-08-13 | Kouichi Kanemura | Certifying device, verifying device, verifying system, computer program and integrated circuit |
US7581094B1 (en) | 2003-07-09 | 2009-08-25 | Hewlett-Packard Development Company, L.P. | Cryptographic checksums enabling data manipulation and transcoding |
US20090214029A1 (en) | 2008-02-27 | 2009-08-27 | International Business Machines Corporation | Unified Broadcast Encryption System |
US20090252324A1 (en) | 2008-04-04 | 2009-10-08 | Samsung Electronics Co. Ltd. | Method and apparatus for providing broadcast service using encryption key in a communication system |
US7607025B1 (en) | 2004-02-26 | 2009-10-20 | Xilinx, Inc. | Methods of intrusion detection and prevention in secure programmable logic devices |
US20090299989A1 (en) * | 2004-07-02 | 2009-12-03 | Oracle International Corporation | Determining predicate selectivity in query costing |
US20090304185A1 (en) * | 2008-06-09 | 2009-12-10 | Samsung Electronics Co., Ltd. | Method of tracing device keys for broadcast encryption |
US20090319802A1 (en) * | 2002-12-02 | 2009-12-24 | Silverbrook Research Pty Ltd | Key Genaration In An Integrated Circuit |
US20090327741A1 (en) | 2008-06-30 | 2009-12-31 | Zimmer Vincent J | System and method to secure boot uefi firmware and uefi-aware operating systems on a mobile internet device (mid) |
US7657035B2 (en) | 2006-02-03 | 2010-02-02 | Hitachi, Ltd. | Encryption communication method and system |
US20100042842A1 (en) * | 2008-08-12 | 2010-02-18 | Industrial Technology Research Institute | Light weight authentication and secret retrieval |
US20100045442A1 (en) * | 2008-08-22 | 2010-02-25 | Hong Kong R&D Centre for Logistics and Supply Chain Management Enabling Technologies Limited | RFID Privacy-Preserving Authentication System and Method |
US7689602B1 (en) * | 2005-07-20 | 2010-03-30 | Bakbone Software, Inc. | Method of creating hierarchical indices for a distributed object system |
US20100082991A1 (en) * | 2008-09-30 | 2010-04-01 | Hewlett-Packard Development Company, L.P. | Trusted key management for virtualized platforms |
US7706538B1 (en) | 2006-04-14 | 2010-04-27 | Oracle America, Inc. | System, method and data storage device for encrypting data |
US20100122088A1 (en) | 2002-06-20 | 2010-05-13 | Oxford William V | Method and system for control of code execution on a general purpose computing device and control of code execution in a recursive security protocol |
US20100125739A1 (en) | 2008-11-20 | 2010-05-20 | General Dynamics C4 Systems, Inc. | Secure configuration of programmable logic device |
US20100161999A1 (en) * | 2008-12-19 | 2010-06-24 | University Of Washington | Scalable RFID systems: a privacy preserving protocol with constant-time identification |
US20100183150A1 (en) * | 2009-01-19 | 2010-07-22 | The Industry & Academic Cooperation In Chungnam National University(Iac) | Shared key management method, shared key generating method and message communication method for scada system, and recording medium |
US7783886B2 (en) * | 2002-12-02 | 2010-08-24 | Silverbrook Research Pty Ltd | Multi-level boot hierarchy for software development on an integrated circuit |
US20100278338A1 (en) | 2009-05-04 | 2010-11-04 | Mediatek Singapore Pte. Ltd. | Coding device and method with reconfigurable and scalable encryption/decryption modules |
US20100281273A1 (en) * | 2009-01-16 | 2010-11-04 | Lee Ruby B | System and Method for Processor-Based Security |
US20110038481A1 (en) | 2008-01-11 | 2011-02-17 | Jean-Louis Modave | Hierarchization of crytographic keys in an electronic circuit |
US20110072266A1 (en) * | 2008-10-10 | 2011-03-24 | Hisashi Takayama | Information processing device, authentication system, authentication device, information processing method, information processing program, recording medium, and integrated circuit |
US20110078457A1 (en) * | 2009-09-29 | 2011-03-31 | Silverbrook Research Pty Ltd | Method of Encrypted Communication with Restricted Rate of Stored Encryption Key Retrievals |
WO2011068996A1 (en) | 2009-12-04 | 2011-06-09 | Cryptography Research, Inc. | Verifiable, leak-resistant encryption and decryption |
US7986158B2 (en) | 2008-08-21 | 2011-07-26 | OFID Microdevices, Inc. | Methods, apparatuses, and products for a secure circuit |
US20110258459A1 (en) | 2008-08-12 | 2011-10-20 | Institut Telecom - Telecom Paristech | Method for protecting the decrypting of the configuration files for programmable logic circuits and circuit implementing the method |
US20110286596A1 (en) * | 2009-01-29 | 2011-11-24 | Fortress Applications Ltd. | System and methods for encryption with authentication integrity |
US20120115455A1 (en) * | 2004-07-26 | 2012-05-10 | Bindu Rama Rao | Secure bootstrap provisioning of electronic devices in carrier networks |
US20120198514A1 (en) | 2009-08-04 | 2012-08-02 | Carnegie Mellon University | Methods and Apparatuses for User-Verifiable Trusted Path in the Presence of Malware |
US8250373B2 (en) * | 2003-10-23 | 2012-08-21 | Hewlett-Packard Development Company, L.P. | Authenticating and verifying an authenticable and verifiable module |
US8261085B1 (en) | 2011-06-22 | 2012-09-04 | Media Patents, S.L. | Methods, apparatus and systems to improve security in computer systems |
US8261068B1 (en) | 2008-09-30 | 2012-09-04 | Emc Corporation | Systems and methods for selective encryption of operating system metadata for host-based encryption of data at rest on a logical unit |
US8270614B2 (en) * | 2006-11-16 | 2012-09-18 | Samsung Electronics Co., Ltd. | Method of updating group key and group key update device using the same |
US8332649B2 (en) | 2005-11-08 | 2012-12-11 | Panasonic Corporation | Authentication system, signature creating device, and signature verifying device |
US8332653B2 (en) * | 2004-10-22 | 2012-12-11 | Broadcom Corporation | Secure processing environment |
US20130124868A1 (en) * | 2009-02-02 | 2013-05-16 | Peter Sorotokin | System and method for parts-based digital rights management |
US8683212B2 (en) * | 2006-10-06 | 2014-03-25 | Broadcom Corporation | Method and system for securely loading code in a security processor |
US20140129815A9 (en) | 2009-04-15 | 2014-05-08 | Interdigital Patent Holdings, Inc. | Validation and/or authentication of a device for communication with network |
US20160224799A1 (en) | 2015-02-03 | 2016-08-04 | Palo Alto Research Center Incorporated | Access control framework for information centric networking |
Family Cites Families (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20338A (en) * | 1858-05-25 | Window-spring | ||
US20020141593A1 (en) * | 2000-12-11 | 2002-10-03 | Kurn David Michael | Multiple cryptographic key linking scheme on a computer system |
JP4976622B2 (en) | 2001-06-22 | 2012-07-18 | 東日本旅客鉄道株式会社 | Crossing control device and crossing control network |
US7613925B2 (en) * | 2003-01-10 | 2009-11-03 | Motorola, Inc. | Method for authenticating a message |
EP1519530A1 (en) * | 2003-09-29 | 2005-03-30 | STMicroelectronics S.r.l. | Method for establishing an encrypted communication by means of keys |
US20060059344A1 (en) * | 2004-09-10 | 2006-03-16 | Nokia Corporation | Service authentication |
US8190895B2 (en) * | 2005-08-18 | 2012-05-29 | Microsoft Corporation | Authenticated key exchange with derived ephemeral keys |
WO2008087734A1 (en) * | 2007-01-19 | 2008-07-24 | Mitsubishi Electric Corporation | Cryptogram generating device, cryptogram communication system, and group parameter generating device |
JP2009145544A (en) | 2007-12-13 | 2009-07-02 | Panasonic Corp | Plasma display device |
US8190892B2 (en) * | 2008-12-29 | 2012-05-29 | King Fahd University Of Petroleum & Minerals | Message authentication code with blind factorization and randomization |
US20100169658A1 (en) * | 2008-12-30 | 2010-07-01 | Lahouari Ghouti | Elliptic curve-based message authentication code |
US20120099948A1 (en) | 2010-10-21 | 2012-04-26 | Digi-Star, LLC, a Wisconsin Limited Liability Company | Automatic start / stop controls for agricultural load and transfer equipment |
US8194858B2 (en) * | 2009-02-19 | 2012-06-05 | Physical Optics Corporation | Chaotic cipher system and method for secure communication |
US8447988B2 (en) * | 2009-09-16 | 2013-05-21 | Lsi Corporation | Hash processing using a processor |
US9094195B2 (en) * | 2009-10-02 | 2015-07-28 | Andrew LEPPARD | Protecting de-duplication repositories against a malicious attack |
EP2497057A1 (en) * | 2009-11-06 | 2012-09-12 | Emue Holdings Pty Ltd | A method and a system for validating identifiers |
-
2010
- 2010-12-02 US US12/958,570 patent/US8386800B2/en active Active
- 2010-12-02 WO PCT/US2010/058768 patent/WO2011068996A1/en active Application Filing
- 2010-12-02 EP EP10835139.6A patent/EP2507708B1/en active Active
- 2010-12-02 JP JP2012542196A patent/JP5552541B2/en active Active
- 2010-12-02 KR KR1020127014536A patent/KR101714108B1/en active IP Right Grant
- 2010-12-02 CN CN201080060319.3A patent/CN102725737B/en active Active
- 2010-12-02 EP EP19164962.3A patent/EP3537653B1/en active Active
- 2010-12-03 TW TW099142160A patent/TWI440351B/en active
-
2012
- 2012-05-21 IL IL219906A patent/IL219906A/en active IP Right Grant
-
2013
- 2013-02-08 US US13/762,703 patent/US8707052B2/en active Active
-
2014
- 2014-03-07 US US14/201,539 patent/US8977864B2/en active Active
- 2014-03-27 JP JP2014065462A patent/JP5805249B2/en active Active
-
2015
- 2015-02-09 US US14/617,437 patent/US9569623B2/en active Active
- 2015-06-11 US US14/737,154 patent/US9576133B2/en active Active
- 2015-06-26 US US14/752,677 patent/US9367693B2/en active Active
-
2016
- 2016-12-30 US US15/395,809 patent/US10262141B2/en active Active
-
2017
- 2017-08-30 US US15/691,601 patent/US9940463B2/en active Active
-
2019
- 2019-01-04 US US16/240,671 patent/US11074349B2/en active Active
-
2021
- 2021-07-21 US US17/382,333 patent/US11797683B2/en active Active
Patent Citations (194)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4694491A (en) | 1985-03-11 | 1987-09-15 | General Instrument Corp. | Cryptographic system using interchangeable key blocks and selectable key fragments |
US4972472A (en) | 1985-03-15 | 1990-11-20 | Tandem Computers Incorporated | Method and apparatus for changing the master key in a cryptographic system |
US4908038A (en) | 1987-10-29 | 1990-03-13 | Toppan Printing Co., Ltd | High-security integrated-circuit card |
US5017766A (en) | 1987-11-13 | 1991-05-21 | Kabushiki Kaisha Toshiba | Portable electronic apparatus capable of confirming validity of transaction data |
US5179951A (en) | 1990-04-19 | 1993-01-19 | Inomet, Inc. | Blood constituent measurement |
US5319172A (en) | 1991-01-08 | 1994-06-07 | Kabushiki Kaisha Kobe Seiko Sho | Microwave melting furnace for treating liquid |
US5268962A (en) | 1992-07-21 | 1993-12-07 | Digital Equipment Corporation | Computer network with modified host-to-host encryption keys |
US5297207A (en) | 1993-05-24 | 1994-03-22 | Degele Steven T | Machine generation of cryptographic keys by non-linear processes similar to processes normally associated with encryption of data |
US5454037A (en) | 1993-10-28 | 1995-09-26 | Grayline International Limited | Portable secure-telephone communications module |
US5513261A (en) | 1993-12-29 | 1996-04-30 | At&T Corp. | Key management scheme for use with electronic cards |
US5491749A (en) | 1993-12-30 | 1996-02-13 | International Business Machines Corporation | Method and apparatus for entity authentication and key distribution secure against off-line adversarial attacks |
US6009177A (en) | 1994-01-13 | 1999-12-28 | Certco Llc | Enhanced cryptographic system and method with key escrow feature |
US5511123A (en) | 1994-08-04 | 1996-04-23 | Northern Telecom Limited | Symmetric cryptographic system for data encryption |
EP0781003A2 (en) | 1995-12-22 | 1997-06-25 | General Instrument Corporation Of Delaware | Generation of cryptographic signatures using hash keys |
US5944833A (en) | 1996-03-07 | 1999-08-31 | Cp8 Transac | Integrated circuit and method for decorrelating an instruction sequence of a program |
US6901509B1 (en) * | 1996-05-14 | 2005-05-31 | Tumbleweed Communications Corp. | Apparatus and method for demonstrating and confirming the status of a digital certificates and other data |
US6587563B1 (en) | 1997-02-15 | 2003-07-01 | Apple Computer, Inc. | Cryptographic system using chaotic dynamics |
US5991415A (en) * | 1997-05-12 | 1999-11-23 | Yeda Research And Development Co. Ltd. At The Weizmann Institute Of Science | Method and apparatus for protecting public key schemes from timing and fault attacks |
US5978475A (en) * | 1997-07-18 | 1999-11-02 | Counterpane Internet Security, Inc. | Event auditing system |
US6704871B1 (en) * | 1997-09-16 | 2004-03-09 | Safenet, Inc. | Cryptographic co-processor |
US20080022146A1 (en) | 1998-01-02 | 2008-01-24 | Kocher Paul C | Differential power analysis |
US8879724B2 (en) | 1998-01-02 | 2014-11-04 | Rambus Inc. | Differential power analysis—resistant cryptographic processing |
US6304658B1 (en) | 1998-01-02 | 2001-10-16 | Cryptography Research, Inc. | Leak-resistant cryptographic method and apparatus |
US7634083B2 (en) | 1998-01-02 | 2009-12-15 | Cryptography Research, Inc. | Differential power analysis |
US7587044B2 (en) | 1998-01-02 | 2009-09-08 | Cryptography Research, Inc. | Differential power analysis method and apparatus |
US7599488B2 (en) | 1998-01-02 | 2009-10-06 | Cryptography Research, Inc. | Differential power analysis |
US20020124178A1 (en) | 1998-01-02 | 2002-09-05 | Kocher Paul C. | Differential power analysis method and apparatus |
US6049878A (en) * | 1998-01-20 | 2000-04-11 | Sun Microsystems, Inc. | Efficient, secure multicasting with global knowledge |
US20080013724A1 (en) * | 1998-03-16 | 2008-01-17 | Intertrust Technologies Corp. | Methods and apparatus for persistent control and protection of content |
US6327661B1 (en) | 1998-06-03 | 2001-12-04 | Cryptography Research, Inc. | Using unpredictable information to minimize leakage from smartcards and other cryptosystems |
US6278783B1 (en) | 1998-06-03 | 2001-08-21 | Cryptography Research, Inc. | Des and other cryptographic, processes with leak minimization for smartcards and other cryptosystems |
US6298442B1 (en) | 1998-06-03 | 2001-10-02 | Cryptography Research, Inc. | Secure modular exponentiation with leak minimization for smartcards and other cryptosystems |
US7787620B2 (en) | 1998-06-03 | 2010-08-31 | Cryptography Research, Inc. | Prevention of side channel attacks against block cipher implementations and other cryptographic systems |
US20010053220A1 (en) | 1998-06-03 | 2001-12-20 | Cryptography Research, Inc. | Cryptographic computation using masking to prevent differential power analysis and other attacks |
US6510518B1 (en) | 1998-06-03 | 2003-01-21 | Cryptography Research, Inc. | Balanced cryptographic computational method and apparatus for leak minimizational in smartcards and other cryptosystems |
US6654884B2 (en) | 1998-06-03 | 2003-11-25 | Cryptography Research, Inc. | Hardware-level mitigation and DPA countermeasures for cryptographic devices |
US7668310B2 (en) | 1998-06-03 | 2010-02-23 | Cryptography Research, Inc. | Cryptographic computation using masking to prevent differential power analysis and other attacks |
US6539092B1 (en) * | 1998-07-02 | 2003-03-25 | Cryptography Research, Inc. | Leak-resistant cryptographic indexed key update |
JP2002520905A (en) | 1998-07-02 | 2002-07-09 | クリプターグラフィー リサーチ インコーポレイテッド | Method and device for updating a cryptographic index key having leakage resistance |
WO2000002342A2 (en) | 1998-07-02 | 2000-01-13 | Cryptography Research, Inc. | Leak-resistant cryptographic indexed key update |
US20050010778A1 (en) * | 1998-07-10 | 2005-01-13 | Walmsley Simon Robert | Method for validating an authentication chip |
US6385727B1 (en) | 1998-09-25 | 2002-05-07 | Hughes Electronics Corporation | Apparatus for providing a secure processing environment |
US20020129245A1 (en) | 1998-09-25 | 2002-09-12 | Cassagnol Robert D. | Apparatus for providing a secure processing environment |
US20050289067A1 (en) * | 1998-10-26 | 2005-12-29 | Microsoft Corporation | System and method for secure storage of data using a key |
US6188987B1 (en) | 1998-11-17 | 2001-02-13 | Dolby Laboratories Licensing Corporation | Providing auxiliary information with frame-based encoded audio information |
US6917685B1 (en) | 1999-02-04 | 2005-07-12 | Meteora System Co., Ltd. | IP key management mechanism with divergence barrier increasing entropy against computational crypto-analyses |
US6654889B1 (en) | 1999-02-19 | 2003-11-25 | Xilinx, Inc. | Method and apparatus for protecting proprietary configuration data for programmable logic devices |
US6735313B1 (en) * | 1999-05-07 | 2004-05-11 | Lucent Technologies Inc. | Cryptographic method and apparatus for restricting access to transmitted programming content using hash functions and program identifiers |
US20030044017A1 (en) | 1999-07-23 | 2003-03-06 | Briscoe Robert John | Data distribution |
US20060184807A1 (en) | 1999-09-02 | 2006-08-17 | Kocher Paul C | Specialized circuitry for cryptographic authentication and other purposes |
US6289455B1 (en) | 1999-09-02 | 2001-09-11 | Crypotography Research, Inc. | Method and apparatus for preventing piracy of digital content |
US20040111631A1 (en) | 1999-09-02 | 2004-06-10 | Kocher Paul C. | Using smartcards or other cryptographic modules for enabling connected devices to access encrypted audio and visual content |
US6640305B2 (en) | 1999-09-02 | 2003-10-28 | Cryptography Research, Inc. | Digital content protection method and apparatus |
US20020099948A1 (en) | 1999-09-02 | 2002-07-25 | Cryptography Research, Inc. | Digital Content Protection Method and Apparatus |
US7434046B1 (en) * | 1999-09-10 | 2008-10-07 | Cisco Technology, Inc. | Method and apparatus providing secure multicast group communication |
US6724894B1 (en) | 1999-11-05 | 2004-04-20 | Pitney Bowes Inc. | Cryptographic device having reduced vulnerability to side-channel attack and method of operating same |
US7373506B2 (en) | 2000-01-21 | 2008-05-13 | Sony Corporation | Data authentication system |
US6996724B2 (en) | 2000-01-25 | 2006-02-07 | Murata Kikai Kabushiki Kaisha | Secret key generating method, common key generating method, encryption method, cryptographic communication method and cryptographic communication system |
US20040030905A1 (en) | 2000-02-18 | 2004-02-12 | Chow Stanley T. | Encoding method and system resistant to power analysis |
US20030076958A1 (en) * | 2000-04-06 | 2003-04-24 | Ryuji Ishiguro | Information processing system and method |
US20040236720A1 (en) * | 2000-04-06 | 2004-11-25 | International Business Machines Corporation | Longest prefix match lookup using hash function |
US7225339B2 (en) * | 2000-04-06 | 2007-05-29 | Sony Corporation | Information recording/playback apparatus and method |
US20020150250A1 (en) * | 2000-06-15 | 2002-10-17 | Yoshimichi Kitaya | System and method for processing information using encryption key block |
US20070263875A1 (en) * | 2000-06-15 | 2007-11-15 | Sony Corporation | Information processing system and method using encryption key block |
US20020094088A1 (en) * | 2000-07-24 | 2002-07-18 | Takumi Okaue | Data processing system, data processing method, and program providing medium |
US7539313B1 (en) * | 2000-09-13 | 2009-05-26 | Nortel Networks Limited | System and method for key management across geographic domains |
US6993138B1 (en) * | 2000-09-14 | 2006-01-31 | Nortel Networks Limited | Spatial key trees for key management in wireless environments |
US7117373B1 (en) | 2000-11-28 | 2006-10-03 | Xilinx, Inc. | Bitstream for configuring a PLD with encrypted design data |
US6931543B1 (en) | 2000-11-28 | 2005-08-16 | Xilinx, Inc. | Programmable logic device with decryption algorithm and decryption key |
US20030142824A1 (en) * | 2000-12-26 | 2003-07-31 | Tomoyuki Asano | Information processing system and method |
US7039803B2 (en) | 2001-01-26 | 2006-05-02 | International Business Machines Corporation | Method for broadcast encryption and key revocation of stateless receivers |
US7146501B2 (en) | 2001-02-02 | 2006-12-05 | Nec Corporation | Method and apparatus for encrypting and decrypting data using encrypting key contained in electronic watermark |
US20020131592A1 (en) | 2001-03-16 | 2002-09-19 | Harris Hinnant | Entropy sources for encryption key generation |
US7028191B2 (en) | 2001-03-30 | 2006-04-11 | Michener John R | Trusted authorization device |
JP2003022007A (en) | 2001-07-05 | 2003-01-24 | Kddi Corp | Method, system, program for electronic signature in stream transfer, and recording medium with the program recorded thereon |
US20030056107A1 (en) * | 2001-09-17 | 2003-03-20 | Cammack William E. | Secure bootloader for securing digital devices |
US20030093674A1 (en) | 2001-10-15 | 2003-05-15 | Harrison Keith Alexander | Method and apparatus for encrypting data |
US7330969B2 (en) | 2001-10-15 | 2008-02-12 | Hewlett-Packard Development Company, L.P. | Method and apparatus for data validation |
US20030093684A1 (en) | 2001-11-14 | 2003-05-15 | International Business Machines Corporation | Device and method with reduced information leakage |
US7333616B1 (en) | 2001-11-14 | 2008-02-19 | Omniva Corp. | Approach for managing access to messages using encryption key management policies |
US20080222427A1 (en) | 2001-11-14 | 2008-09-11 | Michael Baentsch | Device and method with reduced information leakage |
US20060090081A1 (en) | 2001-11-14 | 2006-04-27 | Michael Baentsch | Device and method with reduced information leakage |
US20030161474A1 (en) * | 2002-01-25 | 2003-08-28 | Natsume Matsuzaki | Data distribution system |
US20030142826A1 (en) * | 2002-01-30 | 2003-07-31 | Tomoyuki Asano | Efficient revocation of receivers |
US7373668B1 (en) | 2002-03-29 | 2008-05-13 | Xilinx, Inc. | Methods and circuits for protecting proprietary configuration data for programmable logic devices |
US7545931B2 (en) | 2002-04-12 | 2009-06-09 | Microsoft Corporation | Protection of application secrets |
US20030194085A1 (en) | 2002-04-12 | 2003-10-16 | Microsoft Corporation | Protection of application secrets |
US20030200440A1 (en) | 2002-04-17 | 2003-10-23 | Paul England | Saving and retrieving data based on symmetric key encryption |
US7424612B2 (en) | 2002-04-17 | 2008-09-09 | Microsoft Corporation | Saving and retrieving data based on symmetric key encryption |
US20100122088A1 (en) | 2002-06-20 | 2010-05-13 | Oxford William V | Method and system for control of code execution on a general purpose computing device and control of code execution in a recursive security protocol |
US7299358B2 (en) * | 2002-07-30 | 2007-11-20 | Texas Instruments Incorporated | Indirect data protection using random key encryption |
US20050246533A1 (en) * | 2002-08-28 | 2005-11-03 | Docomo Communications Laboratories Usa, Inc. | Certificate-based encryption and public key infrastructure |
JP2004096754A (en) | 2002-08-29 | 2004-03-25 | Samsung Electronics Co Ltd | Apparatus and method for hierarchical encryption using one-way function |
US20040165724A1 (en) * | 2002-09-16 | 2004-08-26 | Samsung Electronics Co., Ltd. | Method for encrypting and decrypting metadata and method for managing metadata and system thereof |
US20090138728A1 (en) * | 2002-11-15 | 2009-05-28 | Matsushita Electric Industrial Co., Ltd. | Program update method and server |
US7783886B2 (en) * | 2002-12-02 | 2010-08-24 | Silverbrook Research Pty Ltd | Multi-level boot hierarchy for software development on an integrated circuit |
US20050210179A1 (en) * | 2002-12-02 | 2005-09-22 | Walmsley Simon R | Integrated circuit having random clock or random delay |
US20090319802A1 (en) * | 2002-12-02 | 2009-12-24 | Silverbrook Research Pty Ltd | Key Genaration In An Integrated Circuit |
US20060294018A1 (en) | 2003-06-25 | 2006-12-28 | Samuli Tuoriniemi | Digital rights management |
US7581094B1 (en) | 2003-07-09 | 2009-08-25 | Hewlett-Packard Development Company, L.P. | Cryptographic checksums enabling data manipulation and transcoding |
US20050038999A1 (en) | 2003-07-31 | 2005-02-17 | Pelly Jason Charles | Access control for digital content |
US20050027999A1 (en) | 2003-07-31 | 2005-02-03 | Pelly Jason Charles | Access control for digital content |
US20050025316A1 (en) | 2003-07-31 | 2005-02-03 | Pelly Jason Charles | Access control for digital content |
US20050180573A1 (en) | 2003-07-31 | 2005-08-18 | Pelly Jason C. | Access control for digital content |
US20050044045A1 (en) | 2003-07-31 | 2005-02-24 | Pelly Jason Charles | Access control for digital content |
US20050028192A1 (en) | 2003-07-31 | 2005-02-03 | Hooper Daniel Luke | Access control for digital video stream data |
US20050058291A1 (en) * | 2003-08-25 | 2005-03-17 | Brant Candelore | Apparatus and method for an iterative cryptographic block |
US8250373B2 (en) * | 2003-10-23 | 2012-08-21 | Hewlett-Packard Development Company, L.P. | Authenticating and verifying an authenticable and verifiable module |
US20050108507A1 (en) | 2003-11-17 | 2005-05-19 | Saurabh Chheda | Security of program executables and microprocessors based on compiler-arcitecture interaction |
US20130326236A1 (en) | 2003-11-17 | 2013-12-05 | BlueRISC Inc., a Delaware corporation | Security of Program Executables and Microprocessors Based on Compiler-Architecture Interaction |
US20070113079A1 (en) * | 2003-11-28 | 2007-05-17 | Takayuki Ito | Data processing apparatus |
US20050256910A1 (en) * | 2004-01-08 | 2005-11-17 | Samsung Electronics Co., Ltd. | Method and apparatus for limiting number of times contents can be accessed using hash chain |
US7607025B1 (en) | 2004-02-26 | 2009-10-20 | Xilinx, Inc. | Methods of intrusion detection and prevention in secure programmable logic devices |
US20050210014A1 (en) * | 2004-03-08 | 2005-09-22 | Sony Corporation | Information-processing method, decryption method, information-processing apparatus and computer program |
US20050213751A1 (en) * | 2004-03-26 | 2005-09-29 | Apostolopoulos John J | Methods and systems for generating transcodable encrypted content |
US20070133806A1 (en) * | 2004-03-31 | 2007-06-14 | Sony Corporation | Information processing method, decryption method, information processing device, and computer program |
US20050234951A1 (en) * | 2004-04-14 | 2005-10-20 | Microsoft Corporation | Method and system for renaming consecutive keys in a B-tree |
US20080013733A1 (en) * | 2004-05-12 | 2008-01-17 | Mattias Johansson | Key Management Messages For Secure Broadcast |
US20090299989A1 (en) * | 2004-07-02 | 2009-12-03 | Oracle International Corporation | Determining predicate selectivity in query costing |
US20060021066A1 (en) * | 2004-07-26 | 2006-01-26 | Ray Clayton | Data encryption system and method |
US20120115455A1 (en) * | 2004-07-26 | 2012-05-10 | Bindu Rama Rao | Secure bootstrap provisioning of electronic devices in carrier networks |
US20060036627A1 (en) * | 2004-08-06 | 2006-02-16 | Roger Deran | Method and apparatus for a restartable hash in a trie |
US20080205654A1 (en) * | 2004-08-26 | 2008-08-28 | Rainer Moos | Method and Security System for the Secure and Unequivocal Encoding of a Security Module |
US8332653B2 (en) * | 2004-10-22 | 2012-12-11 | Broadcom Corporation | Secure processing environment |
US20060095379A1 (en) * | 2004-10-22 | 2006-05-04 | Samsung Electronics Co., Ltd. | Key management method in network system |
US20070223696A1 (en) * | 2004-11-08 | 2007-09-27 | Junko Furuyama | Secure Device and Relay Terminal |
US20080010686A1 (en) * | 2004-11-11 | 2008-01-10 | Yusuke Nemoto | Confidential Information Processing Device |
US20120102336A1 (en) | 2004-11-12 | 2012-04-26 | BlueRISC Inc., a Delaware corporation | Security of Program Executables and Microprocessors Based on Compiler-Architecture Interaction |
US20060117177A1 (en) * | 2004-11-29 | 2006-06-01 | Buer Mark L | Programmable security platform |
US20060242064A1 (en) * | 2004-12-21 | 2006-10-26 | Fabrice Jogand-Coulomb | Method for creating control structure for versatile content control |
US20060242067A1 (en) * | 2004-12-21 | 2006-10-26 | Fabrice Jogand-Coulomb | System for creating control structure for versatile content control |
US20080042804A1 (en) * | 2005-01-12 | 2008-02-21 | Trevor Burbridge | Radio Frequency Identification Transponder Security |
US7689602B1 (en) * | 2005-07-20 | 2010-03-30 | Bakbone Software, Inc. | Method of creating hierarchical indices for a distributed object system |
US20090138710A1 (en) * | 2005-11-04 | 2009-05-28 | Nec Corporation | Message Authentication Device, Message Authentication Method, Message Authentication Program and Storage Medium therefor |
US8332649B2 (en) | 2005-11-08 | 2012-12-11 | Panasonic Corporation | Authentication system, signature creating device, and signature verifying device |
WO2007084758A2 (en) | 2006-01-18 | 2007-07-26 | Vormetric, Inc. | System and methods for secure digital data archiving and access auditing |
US7657035B2 (en) | 2006-02-03 | 2010-02-02 | Hitachi, Ltd. | Encryption communication method and system |
US20070198851A1 (en) * | 2006-02-22 | 2007-08-23 | Fujitsu Limited Of Kawasaki, Japan. | Secure processor |
US7706538B1 (en) | 2006-04-14 | 2010-04-27 | Oracle America, Inc. | System, method and data storage device for encrypting data |
US7339400B1 (en) | 2006-06-09 | 2008-03-04 | Xilinx, Inc. | Interface port for electrically programmed fuses in a programmable logic device |
US7550324B1 (en) | 2006-06-09 | 2009-06-23 | Xilinx, Inc. | Interface port for electrically programmed fuses in a programmable logic device |
US20070294496A1 (en) * | 2006-06-19 | 2007-12-20 | Texas Instruments Incorporated | Methods, apparatus, and systems for secure demand paging and other paging operations for processor devices |
US20070300207A1 (en) * | 2006-06-22 | 2007-12-27 | James Ronald Booth | Boot Validation System and Method |
US20070297613A1 (en) * | 2006-06-23 | 2007-12-27 | Honeywell International Inc. | Secure group communication among wireless devices with distributed trust |
US20090204806A1 (en) * | 2006-07-03 | 2009-08-13 | Kouichi Kanemura | Certifying device, verifying device, verifying system, computer program and integrated circuit |
US20090187762A1 (en) * | 2006-07-27 | 2009-07-23 | Ryuichi Okamoto | Terminal device, server device, and content distribution system |
US20080075291A1 (en) * | 2006-09-21 | 2008-03-27 | International Business Machines Corporation | Managing device keys in cryptographic communication |
US20080085003A1 (en) | 2006-10-05 | 2008-04-10 | Nds Limited | Key production system |
US8683212B2 (en) * | 2006-10-06 | 2014-03-25 | Broadcom Corporation | Method and system for securely loading code in a security processor |
US20080086636A1 (en) * | 2006-10-09 | 2008-04-10 | Samsung Electronics Co., Ltd. | Method and apparatus of generating encryption key for broadcast encryption |
US20090070583A1 (en) | 2006-10-17 | 2009-03-12 | Clay Von Mueller | System and method for secure transaction |
US8270614B2 (en) * | 2006-11-16 | 2012-09-18 | Samsung Electronics Co., Ltd. | Method of updating group key and group key update device using the same |
US20080172562A1 (en) * | 2007-01-12 | 2008-07-17 | Christian Cachin | Encryption and authentication of data and for decryption and verification of authenticity of data |
US20080263363A1 (en) | 2007-01-22 | 2008-10-23 | Spyrus, Inc. | Portable Data Encryption Device with Configurable Security Functionality and Method for File Encryption |
KR20080096054A (en) | 2007-04-26 | 2008-10-30 | 삼성전자주식회사 | Method for writing data by encryption and reading the data thereof |
US20080279376A1 (en) | 2007-05-09 | 2008-11-13 | International Business Machines Corporation | System, method, and service for performing unified broadcast encryption and traitor tracing for digital content |
US20090022323A1 (en) * | 2007-07-18 | 2009-01-22 | Jooyoung Lee | Secret key predistribution method |
US20090048953A1 (en) | 2007-08-16 | 2009-02-19 | Patrick Hazel | Metrics systems and methods for token transactions |
JP2009081549A (en) | 2007-09-25 | 2009-04-16 | Kyocera Corp | Signature verifying method, stream generating method, reception device, and stream transmission device |
US20110038481A1 (en) | 2008-01-11 | 2011-02-17 | Jean-Louis Modave | Hierarchization of crytographic keys in an electronic circuit |
US20090187766A1 (en) | 2008-01-17 | 2009-07-23 | Camille Vuillaume | System and Method for Digital Signatures and Authentication |
JP2009175544A (en) | 2008-01-25 | 2009-08-06 | Ntt Electornics Corp | Encrypting method and decrypting method |
US9712321B2 (en) | 2008-02-27 | 2017-07-18 | International Business Machines Corporation | Unified broadcast encryption system |
US9729316B2 (en) | 2008-02-27 | 2017-08-08 | International Business Machines Corporation | Unified broadcast encryption system |
US20090214029A1 (en) | 2008-02-27 | 2009-08-27 | International Business Machines Corporation | Unified Broadcast Encryption System |
US20090214031A1 (en) | 2008-02-27 | 2009-08-27 | International Business Machines Corporation | Unified broadcast encryption system |
US20090252324A1 (en) | 2008-04-04 | 2009-10-08 | Samsung Electronics Co. Ltd. | Method and apparatus for providing broadcast service using encryption key in a communication system |
US20090304185A1 (en) * | 2008-06-09 | 2009-12-10 | Samsung Electronics Co., Ltd. | Method of tracing device keys for broadcast encryption |
US20090327741A1 (en) | 2008-06-30 | 2009-12-31 | Zimmer Vincent J | System and method to secure boot uefi firmware and uefi-aware operating systems on a mobile internet device (mid) |
US20100042842A1 (en) * | 2008-08-12 | 2010-02-18 | Industrial Technology Research Institute | Light weight authentication and secret retrieval |
US20110258459A1 (en) | 2008-08-12 | 2011-10-20 | Institut Telecom - Telecom Paristech | Method for protecting the decrypting of the configuration files for programmable logic circuits and circuit implementing the method |
US7986158B2 (en) | 2008-08-21 | 2011-07-26 | OFID Microdevices, Inc. | Methods, apparatuses, and products for a secure circuit |
US8368517B2 (en) * | 2008-08-22 | 2013-02-05 | Hong Kong R&D Centre for Logistics and Supply Chain Management Enabling Technologies Limited | RFID privacy-preserving authentication system and method |
US20100045442A1 (en) * | 2008-08-22 | 2010-02-25 | Hong Kong R&D Centre for Logistics and Supply Chain Management Enabling Technologies Limited | RFID Privacy-Preserving Authentication System and Method |
US8261068B1 (en) | 2008-09-30 | 2012-09-04 | Emc Corporation | Systems and methods for selective encryption of operating system metadata for host-based encryption of data at rest on a logical unit |
US20100082991A1 (en) * | 2008-09-30 | 2010-04-01 | Hewlett-Packard Development Company, L.P. | Trusted key management for virtualized platforms |
US20110072266A1 (en) * | 2008-10-10 | 2011-03-24 | Hisashi Takayama | Information processing device, authentication system, authentication device, information processing method, information processing program, recording medium, and integrated circuit |
US8095800B2 (en) | 2008-11-20 | 2012-01-10 | General Dynamics C4 System, Inc. | Secure configuration of programmable logic device |
US20100125739A1 (en) | 2008-11-20 | 2010-05-20 | General Dynamics C4 Systems, Inc. | Secure configuration of programmable logic device |
US20100161999A1 (en) * | 2008-12-19 | 2010-06-24 | University Of Washington | Scalable RFID systems: a privacy preserving protocol with constant-time identification |
US20100281273A1 (en) * | 2009-01-16 | 2010-11-04 | Lee Ruby B | System and Method for Processor-Based Security |
US20100183150A1 (en) * | 2009-01-19 | 2010-07-22 | The Industry & Academic Cooperation In Chungnam National University(Iac) | Shared key management method, shared key generating method and message communication method for scada system, and recording medium |
US20110286596A1 (en) * | 2009-01-29 | 2011-11-24 | Fortress Applications Ltd. | System and methods for encryption with authentication integrity |
US20130124868A1 (en) * | 2009-02-02 | 2013-05-16 | Peter Sorotokin | System and method for parts-based digital rights management |
US20140129815A9 (en) | 2009-04-15 | 2014-05-08 | Interdigital Patent Holdings, Inc. | Validation and/or authentication of a device for communication with network |
US20100278338A1 (en) | 2009-05-04 | 2010-11-04 | Mediatek Singapore Pte. Ltd. | Coding device and method with reconfigurable and scalable encryption/decryption modules |
US20120198514A1 (en) | 2009-08-04 | 2012-08-02 | Carnegie Mellon University | Methods and Apparatuses for User-Verifiable Trusted Path in the Presence of Malware |
US20110078457A1 (en) * | 2009-09-29 | 2011-03-31 | Silverbrook Research Pty Ltd | Method of Encrypted Communication with Restricted Rate of Stored Encryption Key Retrievals |
US8386800B2 (en) | 2009-12-04 | 2013-02-26 | Cryptography Research, Inc. | Verifiable, leak-resistant encryption and decryption |
US8707052B2 (en) | 2009-12-04 | 2014-04-22 | Cryptography Research, Inc. | Cryptographic device with resistance to differential power analysis and other external monitoring attacks |
WO2011068996A1 (en) | 2009-12-04 | 2011-06-09 | Cryptography Research, Inc. | Verifiable, leak-resistant encryption and decryption |
US8261085B1 (en) | 2011-06-22 | 2012-09-04 | Media Patents, S.L. | Methods, apparatus and systems to improve security in computer systems |
US20160224799A1 (en) | 2015-02-03 | 2016-08-04 | Palo Alto Research Center Incorporated | Access control framework for information centric networking |
US9552493B2 (en) | 2015-02-03 | 2017-01-24 | Palo Alto Research Center Incorporated | Access control framework for information centric networking |
Non-Patent Citations (36)
Title |
---|
Advanced Access Content System (AACS), Introduction and Common Cryptographic Elements, Revision 09.1 (Feb. 17, 2006), available at http://www.aacsla.com/specifications/specs091/AACS_Spec_Common_0.91.pdf. 82 Pages. |
Beye, Michael et al., "Improved Anonymity for Key-trees*", International Association for Cryptologic Research, vol. 20110728:025555, Jul. 22, 2011 (Jul. 22, 2011), pp. 1-16, XP061005092, [retrieved on Jul. 22, 2011]. 16 Pages. |
CN Office Action dated Apr. 22, 2015 in CN Application No. 201080060319.3, Includes English Translation. 10 pages. |
Dziembowski et al., "Leakage-Resilient Cryptography in the Standard Model," FOCS, pp. 293-302, IEEE Computer Society, May 28, 2008. 13 pages. |
EP Communication Pursuant to Article 94(3) EPC dated May 9, 2018 re: EP Appln. No. 10835139.6. 6 Pages. |
EP Communication Pursuant to Article 94(3) EPC with dated Jun. 8, 2020 re: EP Appln. No. 19164962.3. 7 pages. |
EP Extended European Search Report dated Jul. 5, 2019 re: EP Appln. No. 19164962.3. 8 Pages. |
EP Response filed on Jun. 10, 2016 with EP Appln. No. 10835139.6 in Response to the Extended European Search Report dated Dec. 4, 2015 and the Communication Pursuant to Rules 70(2) and 70a(2) EPC dated Dec. 22, 2015. 32 Pages. |
EP—Extended European Search Report dated Dec. 4, 2015 re EP Appln. No. 10835139.6. 10 Pages. |
Faust et al., "Leakage-Resilient Signatures," TCC, vol. 5978 of Lecture Notes in Computer Science, pp. 343-360, 2010. 21 pages. |
Hu, Lingxuan et al., "Secure Aggregation for Wireless Networks", Applications and the Internet Workshops, 2003. Proceedings 2003 Symposium. pp. 384-391. Jan. 27-31, 2003. 8 Pages. |
JP Decision of Rejection dated Nov. 28, 2013 in JP Application No. 2012-542196, Includes English Translation. 9 pages. |
JP Office Action dated May 17, 2013 in JP Application No. 2012-542196, Includes English Translation. 15 pages. |
Katz, Jonathan (2004) , "Binary Tree Encryption: Constructions and Applications", In: Lim JI., Lee DH. (eds) Information Security and Cryptology—ICISC 2003. ICISC 2003. Lecture Notes in Computer Science, vol. 2971. Springer, Berlin, Heidelberg. 11 Pages. |
Kocher et al., "Differential Power Analysis," Advances in Cryptology—Crypto 99 Proceedings, Lecture Notes in Computer Science, vol. 1666, Springer-Verlag, 1999, pp. 388-397. 10 pages. |
Kondratieva, Veronika et al., "Optimized Hash Tree for Authentication in Sensor Networks", IEEE Communications Letters, vol. 11, No. 2, Feb. 2007, pp. 149-151. 3 Pages. |
KR Office Action dated Sep. 5, 2016 Re: KR Appln. No. 2012-7014536. 13 Pages. (With Translation). |
Lorentz Center, "Workshop on Provable Security Against Physical Attacks," Feb. 15-19, 2010, found at http://www.lorentzcenter.nl/lc/web/2010/383/presentations/index.php3?wsid=383&type=presentations. 1 page. |
McEvoy et al., "All-or-NothingTransforms as a Countermeasure to Differential Side-Channel Analysis," Cryptology ePrint Archive, Report 2009/185, http://eprint.iacr.org/2009/185. 18 pages. |
Menezes et al., "Efficient Implementation," Handbook of Applied Cryptography, CRC Press, Chapter 14, pp. 591-634, 1996. 44 pages. |
Menezes et al., "Handbook of Applied Cryptography," Chapters 1, 5, and 7, CRC Press, Boca Raton, Florida, 1997. 130 pages. |
Menezes et al., "Handbook of Applied Cryptography," CRC Press, 1996, pp. 285 -298, 312-319, 452-462, 475, and 515-524, found at http://www.cacr.math.uwaterloo.ca/hac/ on Jun. 22, 2011. 45 pages. |
Menezes et al., "Handbook of Applied Cryptography," pp. 71, 586, 636-637, CRC Press, Boca Raton, Florida, 1997. 6 pages. |
MICHAEL BEYE ; THIJS VEUGEN: "Improved Anonymity for Key-Trees", IACR, INTERNATIONAL ASSOCIATION FOR CRYPTOLOGIC RESEARCH, vol. 20110728:025555, Report 2011/395, 22 July 2011 (2011-07-22), pages 1 - 16, XP061005092 |
Molnar, David et al., "Privacy and Security in Library RFID Issues, Practices, and Architectures", Proceedings of the 11th ACM Conference on Computer and Communications Security : Washington, DC, USA, Oct. 25-29, 2004; [ACM Conference on Computer and Communications Security], New York, NY : ACM Press, 2 Penn Plaza, Suite 01 New York NY 10121, Oct. 25, 2004 (Oct. 25, 2004), pp. 210-219, XP058347820, DOI: 11.1145/1030083.1030112, ISBN: 978-1-58113-961-7. 10 Pages. |
Office Action dated Dec. 10, 2015, re Application No. 219,906. 12 Pages. (With Translation). |
PCT International Preliminary Report on Patentability dated Jun. 14, 2012 in International Application No. PCT/US2010/058768. 12 pages. |
Petit et al., "A Block Cipher Based PRNG Secure Against Side-Channel Key Recovery," Proceedings of ASIACCS 2008, pp. 56-65, Tokyo, Japan, Mar. 2008. 22 pages. |
Pietrzak, K., "A Leakage-Resilient Mode of Operation," Eurocrypt 2009, Lecture Notes in Computer Science, vol. 5479, pp. 462-482, Cologne, Germany, Apr. 2009. 20 pages. |
Pietrzak, K., "Provable Security for Physical Cryptography," Invited Talk, Paper, Proceedings of WEWORC 2009, Graz, Austria, Jul. 2009. 17 pages. |
Pietrzak, K., "Provable Security for Physical Cryptography," Invited Talk, Slides, Proceedings of WEWORC 2009, Graz, Austria, Jul. 2009. 126 pages. |
Standaert et al., "Leakage Resilient Cryptography in Practice," Cryptology ePrint Archive, Report 2009/341, 2009, found at http://eprint.iacr.org/2009/341.pdf. 37 pages. |
Standaert, Francois-Xavier, "How Leaky is an Extractor?," Workshop on Provable Security Against Sid-Channel Attacks, Leiden, The Netherlands, Feb. 2010. 11 pages. |
Su, Chien-Chung et al., "The New Intrusion Prevention and Detection Approaches for Clustering-Based Sensor Networks", Wireless Communications and Networking Conference, IEEE New Orleans, LA, USA, pp. 1927-1932, Mar. 13-17, 2005. 6 Pages. |
Tanaka et al., "Study on Practical Message Authentication Mechanisms for Digital Streaming Services," IEICE Technical Report, Jul. 18, 2001, vol. 101, No. 204, Tokyo, Japan. 11 pages (no translation). |
TW Office Action dated Jul. 16, 2013 in TW Application No. 99142160, Includes English Translation. 12 pages. |
Also Published As
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11797683B2 (en) | Security chip with resistance to external monitoring attacks | |
US10482291B2 (en) | Secure field-programmable gate array (FPGA) architecture | |
Guajardo et al. | Physical unclonable functions and public-key crypto for FPGA IP protection | |
JP4216475B2 (en) | Cryptographic indexed key update method and device having leakage resistance | |
US8909932B2 (en) | Method and apparatus for security over multiple interfaces | |
US9571289B2 (en) | Methods and systems for glitch-resistant cryptographic signing | |
US11496285B2 (en) | Cryptographic side channel resistance using permutation networks | |
Athena | FIPS 140-2 Cryptographic Module Security Policy | |
Markov et al. | An Electronic Sealant for Secure Multi-chip Systems: Reducing Vulnerability to Malicious Alterations |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
FEPP | Fee payment procedure |
Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
AS | Assignment |
Owner name: CRYPTOGRAPHY RESEARCH, INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:KOCHER, PAUL C.;ROHATGI, PANKAJ;JAFFE, JOSHUA M.;SIGNING DATES FROM 20091209 TO 20091217;REEL/FRAME:048724/0024 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NON FINAL ACTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: FINAL REJECTION MAILED |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |